SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.


This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›


STAY ONE STEP AHEAD

GET NOTIFICATIONS OF THE LATEST SECURITY ADVISORIES SENT RIGHT TO YOUR INBOX EVERY WEEK!

Description Advisory ID CVE# Severity Publish Date Last Updated
Side-Channel Analysis, Spectre Variant 4 and 3a 18-0006 CVE-2018-3640 medium 2018-05-23 2018-06-26
Mitel for Salesforce XSS Vulnerability 18-0005 N/A high 2018-03-06 2018-03-06
Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities 18-0004 CVE-2018-5779 CVE-2018-5780 CVE-2018-5781 CVE-2018-5782 CVE-2017-16250 CVE-2017-16251 high 2018-03-06 2018-03-06
MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities 18-0003 CVE-2018-9101 CVE-2018-9102 CVE-2018-9103 CVE-2018-9104 medium 2018-01-31 2018-01-31
XML External Entity (XXE) Vulnerability in MiCollab AWV 18-0002 CWE-918 high 2018-01-31 2018-01-31
Side-Channel Analysis Vulnerabilities 18-0001 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 medium 2018-01-08 2018-05-08
Intel processor flaw: Meltdown and Spectre vulnerabilities (CVE-2017-5715/CVE-2017-5753/ CVE-2017-5754) OBSO-1801-01 CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 medium 2018-01-04 2019-06-21
OpenStage and OpenScape Desk Phones: Web Based Management pages access without admin password OBSO-1712-01 - medium 2017-12-13 2017-12-13
SSRF/XSPA Vulnerability in MiContact Center Business 17-0012 CWE-918 high 2017-12-08 2017-12-08
WPA2 Protocol Four-way Handshake Handling MitM Issue (KRACK attack) OBSO-1711-01 - medium 2017-11-03 2018-02-21
Vulnerability in MiCollab Microsoft Outlook Plugin 17-0011 N/A high 2017-10-30 2017-10-30
Linux Kernel bluetooth Remote Stack Buffer Overflow (BlueBorne) (CVE-2017-1000251) OBSO-1710-01 CVE-2017-1000251 medium 2017-10-06 2017-11-03
RTPproxy NAT Functionality RTP Traffic Handling Remote Packet Disclosure (RTP Bleed) (CVE-2017-14114) OBSO-1709-02 CVE-2017-14114 info 2017-09-28 2017-09-28
curl / libcurl Function TFTP File Name Handling Out-of-bounds Read Issue (CVE-2017-1000100) OBSO-1709-01 CVE-2017-1000100 info 2017-09-21 2017-09-21
Multiple Vulnerabilities in MiCollab and MiCollab AWV 17-0010 CWE-20 CWE-79 CWE-93 CWE-307 high 2017-09-14 2017-09-14
Linux Kernel Stack Guard Page Security Feature Bypass Weakness (CVE-2017-1000364) OBSO-1708-01 CVE-2017-1000364 medium 2017-08-02 2020-02-06
SMB1 Remote Code Execution 17-0009 CWE-306 CWE-862 high 2017-06-05 2017-06-05
OpenSSL Vulnerabilities in MiCollab Desktop Applications 17-0008 CVE-2016-2183 CVE-2014-0160 high 2017-06-05 2017-06-05
Unauthorized Access to MiCollab Client 17-0006 CWE-306 CWE-862 high 2017-06-05 2017-06-05
WannaCry Ransomware Attack 17-0007 N/A high 2017-05-23 2017-05-23
Ready to talk to sales? Contact us.