PUBLIC – FOR EXTERNAL USE (TLP: WHITE) – PHP CGI Module Argument Injection Vulnerability (CVE-2024-4577)
https://www.mitel.com/support/security-advisories/obso-2407-01
The vulnerability severity is rated as critical.
Affected Products
Product statements apply to product versions that have not yet reached End of Support (M44).
Products confirmed affected
Unify OpenScape Voice Trace Manager V8.R0.9.13 and earlier.
Update to V8.R0.9.14 or later.
Products confirmed not affected
Unify OpenScape Deployment Service V10 (see Note 1)
Additional Notes
Note 1:
OpenScape Deployment Service (DLS) is not directly impacted because it does not deliver PHP. DLS delivers a PHP script (dls_directory_reader.php) that the admin can use to integrate DLS into an existing Apache server. Customers who use the PHP script should check their configuration and update their PHP stack to a fixed version.