SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.


This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.


| Description | Advisory ID | CVE# | Severity | Publish Date | Last Updated |
|---|---|---|---|---|---|
| OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in web-based management (CVE-2014-7950) | OBSO-1410-01 | CVE-2014-7950 | high | 2014-10-10 | 2014-10-10 |
| Bash – Remote Command Injection Vulnerability “Shellshock” (CVE-2014-6271/CVE-2014-7169 et al.) | OBSO-1409-01 | CVE-2014-6271, CVE-2014-7169 | high | 2014-09-27 | 2015-07-28 |
| Java in Unify products – RSA private key timing attack vulnerability (CVE-2014-4244) and failure to validate public Diffie-Hellman parameters (CVE-2014-4263) | OBSO-1408-04 | CVE-2014-4244, CVE-2014-4263 | low | 2014-08-26 | 2015-08-21 |
| OpenScape Web Collaboration – Two Cross Site Scripting (XSS) vulnerabilities | OBSO-1408-03 | - | medium | 2014-08-25 | 2014-08-25 |
| OpenScape Deployment Service – Hardening of the TLS-based Workpoint Interface | OBSO-1408-02 | - | info | 2014-08-22 | 2015-01-31 |
| openSSL TLS Client Denial of Service vulnerability (CVE-2014-3509) | OBSO-1408-01 | CVE-2014-3509 | low | 2014-08-12 | 2014-09-26 |
| NTP Distributed Reflection Denial-of-Service (DRDoS) attack via the monlist feature (CVE-2013-5211) | OBSO-1407-01 | CVE-2013-5211 | medium | 2014-07-25 | 2014-07-25 |
| OpenStage / OpenScape Desk Phone IP – Information Exposure Vulnerability in web-based management | OBSO-1407-03 | - | medium | 2014-07-24 | 2014-07-24 |
| HiPath 4000 V6 – Security Updates for the Gateway Web Interface | OBSO-1407-02 | - | medium | 2014-07-23 | 2014-07-23 |
| openSSL ChangeCipherSpec Injection Vulnerability (CVE-2014-0224) and FLUSH+RELOAD Cache Side-channel Attack (CVE-2014-0076) | OBSO-1406-01 | CVE-2014-0224, CVE-2014-0076 | medium | 2014-06-06 | 2015-07-28 |
| Impact of the “Heartbleed” vulnerability to third-party products (CVE-2014-0160) | OBSO-1404-02-A | CVE-2014-0160 | info | 2014-04-18 | 2014-05-02 |
| openSSL “Heartbleed” Vulnerability (CVE-2014-0160) | OBSO-1404-02 | CVE-2014-0160 | medium | 2014-04-11 | 2014-05-02 |
| OpenScape Deployment Service – Blind SQL Injection Vulnerability (CVE-2014-2652) | OBSO-1404-01 | CVE-2014-2652 | medium | 2014-04-11 | 2014-04-11 |
| OpenStage / OpenScape Desk Phone IP – Authentication Bypass Vulnerability in WPI Default Mode (CVE-2014-2651) | OBSO-1403-02 | CVE-2014-2651 | high | 2014-03-28 | 2014-03-28 |
| OpenStage / OpenScape Desk Phone IP (SIP) – OS command Injection Vulnerability in web-based management (CVE-2014-2650) | OBSO-1403-01 | CVE-2014-2650 | high | 2014-03-28 | 2014-03-28 |
| Mediatrix 4400 Series – Cross-site scripting (XSS) vulnerability (CVE-2014-1612) | OBSO-1402-01 | CVE-2014-1612 | medium | 2014-02-07 | 2014-02-07 |
| OpenScape UC Applications – Cross-site Scripting Vulnerability | OBSO-1401-05 | - | medium | 2014-01-31 | 2014-01-31 |
| OpenScape Deployment Service – SQL Injection Vulnerability | OBSO-1401-04 | - | high | 2014-01-31 | 2014-01-31 |
| HiPath 4000/OpenScape 4000 – Unauthenticated write access to file system | OBSO-1401-03 | - | medium | 2014-01-31 | 2014-01-31 |
| Informational – Expiry of Default Root CA Certificate in OpenScape Solutions | OBSO-1401-02 | - | info | 2014-01-28 | 2014-01-28 |