What’s Fixed?
This Hotfix resolves the security issue detailed in CVE-2023-22854 and Security Advisory ID: 23-0001.
Applicable Platform | Issue Description | Symptoms | Resolution |
---|---|---|---|
Any | CCMWeb has an endpoint (flexreport.ashx) that allowed arbitrary read of any file on the system. | N/A | Added protection that disallows path traversal via the supplied filename, which prevents reading arbitrary files on the system. |
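
One way to review web server logs for earlier requests to this endpoint that carried path-traversal sequences, as an added example that is not Mitel's code. It assumes W3C extended logs with a `#Fields` header (the IIS default); the log lines, the `/ccmweb/` path and the `param` query name are constructed placeholders.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/flexreport.ashx"                  # endpoint named in the advisory
TRAVERSAL = re.compile(r"\.\.[/\\]|[/\\]\.\.")  # ".." next to a path separator

# Constructed sample log: addresses, /ccmweb/ path and "param" are placeholders.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2023-01-10 09:00:01 192.0.2.10 GET /ccmweb/flexreport.ashx param=report1.xml 200
2023-01-10 09:00:05 198.51.100.7 GET /ccmweb/flexreport.ashx param=..%2f..%2fexample.txt 200
2023-01-10 09:00:09 198.51.100.7 GET /ccmweb/flexreport.ashx param=%252e%252e%255cexample.txt 200
2023-01-10 09:00:12 192.0.2.10 GET /ccmweb/default.aspx id=..%2fx 200
"""

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (date, time, client IP, decoded query) for flagged endpoint hits."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):        # header can change mid-file
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if not row.get("cs-uri-stem", "").lower().endswith(ENDPOINT):
            continue
        query = fully_decode(row.get("cs-uri-query", "-"))
        if TRAVERSAL.search(query):
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"), query))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG.splitlines()):
        print(*hit)
```

A flagged entry shows only that a request carried traversal markers; entries dated before the hotfix was applied are the ones to review.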
Cumulative Fixes Included
The following previous hotfixes are also included in this hotfix:
Hotfix | Description | Link |
---|---|---|
KB539475 | Fixes multiple SIP Call Scenarios issues, RoutingMediaService unable to process commands, Ignite focus issues, callback display issues and configuration changes issue | |
KB530024 | | |
Environment
MiContact Center Business
Installation
This Hotfix is to be installed onto MiContact Center Business version 9.3.5.0
Go to https://www.mitel.com
Click the Login button.
Click the Sign in button under MiAccess.
On the left, select the Software Download Center.
Expand the tree to MiContact Center Business and then down to MiContact Center Business 9.3.5.0 and 9.3.5.0 HotFixes.
Download the "MiCC Hotfix KB540438.exe" Hotfix to the MiContact Center server.
Double-click the MiCC HotFix KB540438.exe and follow the on-screen prompts.
Wait for the repackager and auto-updates to complete.
NOTE: Applying this Hotfix will restart the MiContact Center services. To avoid service interruption, we recommend applying the update after hours or during a scheduled maintenance window.