Mitel Product Security Advisory

CGI Flaw in MiCollab AWV

Advisory ID: 15-0004

Publish Date: 2015-07-31
Updated: 2015-09-29
Revision: v1.4

Summary

A vulnerability has been identified in a CGI script in MiCollab Audio, Web and Video conferencing (AWV) /Mitel Collaboration Advanced (MCA).

Detailed Description

A CGI script responsible for handling user-supplied data has been identified as vulnerable to attack. Should the vulnerability be successfully exploited, an attacker could execute arbitrary commands with escalated (non-root) privileges, allowing for access to system files and services.

Affected Products

The following products are confirmed to be affected:

Product Name

Versions

Security Bulletin

Last Updated

MiCollab (physical MAS)

6.x 5.x 4.x

15-0006-001

2015-07-31

MiCollab (vMAS)

6.x 5.x 4.x

MiVoice Business Express (MiVB-X)

6.x 5.x

Risk Assessment

The risk of exploiting such vulnerabilities is moderate. An overall CVSS score of 6.4 has been assigned.

Mitigation / Recommended Action

Refer to the security bulletin for steps to mitigate the threat.

Solution

Patches are available for versions 6.x and 5.x of the affected products. Refer to security bulletin 15-0006-001 for additional information.

External References

n/a

Pourquoi choisir Mitel

Produits et Services

Partenaires

Clients

Ressources

Nos secteurs d'expertise

Taille d’Entreprise

Les besoins de votre entreprise

Produits

Services

Partenaire avec Mitel

Aide aux partenaires

Formations pour les partenaires

Mitel Solutions Alliance

Développeurs CloudLink

CLIMB

Ressources pour les clients

Développer les capacités

Carrières

Communiqués de presse

Centre de documentation technique

Avis de sécurité

Blog

Centre de ressources

Santé

Finance

Administrations Publiques

Hôtellerie

Education

Systèmes et solutions téléphoniques d'entreprise

Collaboration

Contact Center

Téléphones et accessoires

Mission critique et solutions verticales

Phases du cycle de vie

À la une

CGI Flaw in MiCollab AWV

Prêt à parler aux ventes ? Contactez-nous.