SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.


This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›


STAY ONE STEP AHEAD

GET NOTIFICATIONS OF THE LATEST SECURITY ADVISORIES SENT RIGHT TO YOUR INBOX EVERY WEEK!

Description Advisory ID CVE# Severity Publish Date Last Updated
Hardening of the Intelligent Platform Management Interface (IPMI) on Unify Servers OBSO-1412-03 - info 2014-12-31 2014-12-31
NTP – Multiple Stack Based Buffer Overflow Vulnerabilities (CVE-2014-9295) OBSO-1412-02 CVE-2014-9295 medium 2014-12-23 2015-01-27
Microsoft Windows Remote Code Execution Vulnerability in Schannel (“Winshock”, MS14-066, CVE-2014-6321) OBSO-1412-01 CVE-2014-6321 high 2014-12-01 2015-06-16
OpenScape Business – Getting Root Access OBSO-1410-03 - low 2014-10-24 2014-10-26
SSL 3.0 “POODLE” vulnerability (CVE-2014-3566) OBSO-1410-02 CVE-2014-3566 low 2014-10-17 2014-10-17
OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in web-based management (CVE-2014-7950) OBSO-1410-01 CVE-2014-7950 high 2014-10-10 2014-10-10
Bash – Remote Command Injection Vulnerability “Shellshock” (CVE-2014-6271/CVE-2014 7169 et al.) OBSO-1409-01 CVE-2014-6271, CVE-2014 7169 high 2014-09-27 2015-07-28
Java in Unify products – RSA private key timing attack vulnerability (CVE-2014-4244) and failure to validate public Diffie-Hellman parameters (CVE-2014-4263) OBSO-1408-04 CVE-2014-4244, CVE-2014-4263 low 2014-08-26 2015-08-21
OpenScape Web Collaboration – Two Cross Site Scripting (XSS) vulnerabilities OBSO-1408-03 - medium 2014-08-25 2014-08-25
OpenScape Deployment Service – Hardening of the TLS-based Workpoint Interface OBSO-1408-02 - info 2014-08-22 2015-01-31
openSSL TLS Client Denial of Service vulnerability (CVE-2014-3509) OBSO-1408-01 CVE-2014-3509 low 2014-08-12 2014-09-26
NTP Distributed Reflection Denial-of-Service (DRDoS) attack via the monlist feature (CVE-2013-5211) OBSO-1407-01 CVE-2013-5211 medium 2014-07-25 2014-07-25
OpenStage / OpenScape Desk Phone IP – Information Exposure Vulnerability in web-based management OBSO-1407-03 - medium 2014-07-24 2014-07-24
HiPath 4000 V6 – Security Updates for the Gateway Web Interface OBSO-1407-02 - medium 2014-07-23 2014-07-23
openSSL ChangeCipherSpec Injection Vulnerability (CVE-2014-0224) and FLUSH+RELOAD Cache Side-channel Attack (CVE-2014-0076) OBSO-1406-01 CVE-2014-0224, CVE-2014-0076 medium 2014-06-06 2015-07-28
Impact of the “Heartbleed” vulnerability to third-party products (CVE-2014-0160) OBSO-1404-02-A CVE-2014-0160 info 2014-04-18 2014-05-02
openSSL “Heartbleed” Vulnerability (CVE-2014-0160) OBSO-1404-02 CVE-2014-0160 medium 2014-04-11 2014-05-02
OpenScape Deployment Service – Blind SQL Injection Vulnerability (CVE-2014-2652) OBSO-1404-01 CVE-2014-2652 medium 2014-04-11 2014-04-11
OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in WPI Default Mode (CVE-2014-2651) OBSO-1403-02 CVE-2014-2651 high 2014-03-28 2014-03-28
OpenStage / OpenScape Desk Phone IP (SIP) – OS command Injection Vulnerability in web-based management (CVE-2014-2650) OBSO-1403-01 CVE-2014-2650 high 2014-03-28 2014-03-28
Ready to talk to sales? Contact us.