What’s Fixed?
This Hotfix resolves the security issue detailed in CVE-2023-22854 and Security Advisory ID 23-0001.
Applicable Platform | Issue Description | Symptoms | Resolution |
---|---|---|---|
Any | CCMWeb has an endpoint (flexreport.ashx) that allowed arbitrary file read of any file on the system | N/A | Added protection that disallows path traversal via the supplied filename, which prevents reading arbitrary files on the system. |
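
Because the advisory names both the endpoint and the bug class, web server logs can be reviewed for requests to flexreport.ashx whose query string carries traversal sequences. The Python script below is an added example, not Mitel code: it assumes W3C extended logs (the IIS default), and the /ccmweb/ path, the parameter name p and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

ENDPOINT = "flexreport.ashx"          # endpoint named in the advisory
TRAVERSAL = re.compile(r"\.\.[\\/]")  # "../" or "..\" once decoded

# Constructed sample log; path prefix and parameter name "p" are hypothetical.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2023-01-10 08:01:02 GET /ccmweb/flexreport.ashx p=daily.xml 192.0.2.10 200
2023-01-10 08:05:40 GET /ccmweb/FlexReport.ashx p=..%2f..%2fexample.txt 198.51.100.7 200
2023-01-10 08:05:41 GET /ccmweb/flexreport.ashx p=%252e%252e%255c%252e%252e%255cexample.txt 198.51.100.7 200
2023-01-10 08:06:00 GET /ccmweb/other.ashx p=..%2fx 198.51.100.7 404
""".splitlines()

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_requests(log_lines):
    """Return W3C log entries that hit ENDPOINT with a traversal sequence in the query."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        stem = row.get("cs-uri-stem", "").lower()
        query = fully_decode(row.get("cs-uri-query", "-"))
        if stem.endswith(ENDPOINT) and TRAVERSAL.search(query):
            hits.append({
                "when": f'{row.get("date")} {row.get("time")}',
                "client": row.get("c-ip"),
                "status": row.get("sc-status"),
                "query": query,
            })
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 dated before the hotfix was applied is the case to investigate first, since it suggests the request was served rather than rejected.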
Cumulative Fixes Included
The following previous hotfixes are also included in this hotfix:
Hotfix | Description | Link |
---|---|---|
KB539318 | MiccSdk Slow Down - CPU Spike resulting in Web Ignite Disconnecting and Ignite users unable to see dashboard and queues | |
KB538335 | Fixes for DTMF digits are missed or not being passed to PBX correctly | |
KB537372 | Fixes: Email Routing and Handling; Callback Dashboard \ Monitor; Backup Restore; IVR Excel Data Provider | |
KB536902 | Fixes: Unable to save employee added via Pick user from Active directory and Email processing fixes and improvements | |
KB536401 | Fixes for Microsoft Exchange OAuth mail server connections and Web Ignite Callback Widget issue | |
Environment
MiContact Center Business
Installation
This Hotfix is to be installed on MiContact Center Business version 9.4.0.0.
Go to https://www.mitel.com
Click the Login button.
Click the Sign in button under MiAccess.
On the left, select the Software Download Center.
Expand the tree to MiContact Center Business and then down to MiContact Center Business 9.4.0.0 and 9.4.0.0 HotFixes.
Download the "MiCC Hotfix KB540484.exe" Hotfix to the MiContact Center server.
Double-click the MiCC HotFix KB540484.exe and follow the on-screen prompts.
Wait for the repackager and auto-updates to complete.
NOTE: Applying this Hotfix will restart the MiContact Center services. To avoid service interruption, we recommend applying the update after hours or during a scheduled maintenance window.