SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.


This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›


STAY ONE STEP AHEAD

GET NOTIFICATIONS OF THE LATEST SECURITY ADVISORIES SENT RIGHT TO YOUR INBOX EVERY WEEK!

Description Advisory ID CVE# Severity Publish Date Last Updated
Microsoft Patchday March 2017: Microsoft Windows SMB Remote Code Execution vulnerabilities OBSO-1704-01 - high 2017-04-28 2017-05-09
Apache Struts2 Jakarta Multipart Parser File Upload Remote Code Execution (CVE 2017-5638) OBSO-1703-02 CVE 2017-5638 info 2017-03-31 2018-10-12
Apache Struts Remote Code Execution Vulnerability CVE-2017-5638 17-0004 CVE-2017-5638 critical 2017-03-20 2017-03-20
CIA Hack of Siemens/ Unify telephones OBSO-1703-01 - info 2017-03-14 2017-03-14
Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) 17-0003 CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 critical 2017-02-15 2017-04-03
Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) 17-0002 CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 high 2017-02-15 2017-02-15
Misuse / Potential Compromise of Certain Mitel Product Certificates 17-0001 CWE-321 info 2017-02-09 2017-04-03
SHA-1 certificates: depreciation in 2017 OBSO-1701-01 - info 2017-01-03 2017-01-03
Vulnerability in Objective Systems ASN1C (CVE-2016-5080) 16-0020 CVE-2016-5080 CWE-190 critical 2016-12-02 2016-12-02
Dirty Cow: Linux Kernel MAP_PRIVATE COW Flag Breakage Race Condition (CVE-2016-5195) OBSO-1611-01 CVE-2016-5195 medium 2016-11-07 2018-06-01
MiCollab Client Web Portal Call Service Vulnerability 16-0018 CWE-284 low 2016-11-04 2016-11-04
MiCollab Desktop Client Bypasses Windows Firewall 16-0016 CWE-264 medium 2016-11-04 2016-11-04
Unrestricted File Upload in MiCollab AWV 16-0015 CWE-434 medium 2016-11-04 2016-11-04
Leap Second on 2016-12-31 – Security Note for Unify Products OBSO-1610-03 - medium 2016-10-27 2016-10-27
CVE-2016-5195: Linux Kernel Privilege Escalation 16-0019 CVE-2016-5195 high 2016-10-27 2016-12-06
ISC BIND Nameserver Denial of Service Vulnerabilities (CVE-2016-2776/CVE-2016-2848) OBSO-1610-02 CVE-2016-2776, CVE-2016-2848 medium 2016-10-25 2016-10-25
OpenScape Xpressions – Information Exposure Vulnerability Through HTTP GET Method at Web Assistant Interface OBSO-1610-01 - medium 2016-10-18 2016-10-18
Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93 16-0014 CVE-2016-7979 CVE-2016-4957 CVE-2016-4956 CVE-2016-4954 CVE-2016-4953 CVE-2016-2518 CVE-2016-2106 CVE-2016-1548 CVE-2016-1547 CVE-2016-1550 high 2016-08-02 2016-08-02
httpoxy: A CGI Application Vulnerability Affecting Multiple Web Application Languages and Services OBSO-1607-01 - info 2016-07-21 2016-07-27
Multiple Vulnerabilities in OpenSSL 16-0013 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176 CVE-2016-2842 high 2016-07-05 2016-07-05
Ready to talk to sales? Contact us.