CVE-2024-47223 – This critical SQL injection vulnerability in Mi... (How to Fix)

Q: What is the severity of CVE-2024-47223?

CVE-2024-47223 has a CVSS score of 9.4 (CRITICAL). This critical SQL injection vulnerability in Mitel MiCollab's AWV component allows unauthenticated attackers to execute arbitrary SQL commands. Attackers could access user provisioning information and potentially manipulate database content. All MiCollab deployments up to version 9.8.1.201 are affected.

📋 TL;DR

This critical SQL injection vulnerability in Mitel MiCollab's AWV component allows unauthenticated attackers to execute arbitrary SQL commands. Attackers could access user provisioning information and potentially manipulate database content. All MiCollab deployments up to version 9.8.1.201 are affected.

💻 Affected Systems

Products:

Mitel MiCollab

Versions: Through 9.8 SP1 FP2 (9.8.1.201)

Operating Systems: All supported platforms running MiCollab

Default Config Vulnerable: ⚠️ Yes

Notes: AWV component must be enabled/installed

📦 What is this software?

Micollab by Mitel

View all CVEs affecting Micollab →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data exfiltration, privilege escalation, or system takeover via SQL command execution

🟠

Likely Case

Unauthorized access to user provisioning data and potential data manipulation

🟢

If Mitigated

Limited impact if network segmentation and input validation controls are properly implemented

🌐 Internet-Facing: HIGH - Unauthenticated attack vector makes internet-facing instances extremely vulnerable

🏢 Internal Only: HIGH - Even internal systems are vulnerable to insider threats or compromised internal hosts

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities are commonly exploited and tooling exists for automated exploitation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 9.8.1.201 - consult Mitel advisory for specific patch

Vendor Advisory: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0028

Restart Required: Yes

Instructions:

1. Review Mitel advisory MISA-2024-0028 2. Apply the latest MiCollab update 3. Restart affected services 4. Verify patch installation

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to MiCollab AWV component to trusted networks only

Web Application Firewall

all

Deploy WAF with SQL injection protection rules

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Deploy database monitoring and alerting for suspicious SQL queries

🔍 How to Verify

Check if Vulnerable:

Check MiCollab version via admin interface or system logs

Check Version:

Check MiCollab web interface or consult system documentation for version command

Verify Fix Applied:

Verify version is updated beyond 9.8.1.201 and test AWV component functionality

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed authentication attempts to AWV component
Unexpected database schema changes

Network Indicators:

SQL syntax patterns in HTTP requests to AWV endpoints
Unusual database connection patterns

SIEM Query:

source="web_logs" AND (uri="*awv*" OR uri="*MiCollab*") AND (message="*sql*" OR message="*select*" OR message="*union*" OR message="*--*")

📊 Metadata

CVE ID: CVE-2024-47223

CVSS v3 Score: 9.4 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CWE: CWE-89

Published: October 21, 2024

Last Updated: July 7, 2025

🔗 References

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0028 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47223, you might also want to check these: