Mitel Product Security Advisory 16-0015

Unrestricted File Upload in MiCollab AWV

Advisory ID: 16-0015
Publish Date: 2016-11-04
Revision: 1.0

Summary

The document upload feature in conferences does not validate or restrict the files that a valid user can upload.

Detailed Description

AWV provides a conference leader with an option of uploading documents to the server prior to or during a conference. This particular feature is vulnerable to attack where a malicious user could upload an executable script, which could then be used to gain access to other system files

Affected Products

The following products were identified as affected:

Product Name	Product Versions	Security Bulletin	Last Updated
MiCollab AWV	AWV 6.x AWV 5.x	16-0015-001	2016-11-04

Risk Assessment

This vulnerability has been assessed as having a CVSS v2 Base Score of 6.0, with a moderate level of risk. Refer to the Security Bulletin above for additional information.

Mitigation / Recommended Action

Administrators of affected product versions should ensure that only trusted users are granted permissions to upload files to MiCollab conferences.

External References

https://cwe.mitre.org/data/definitions/434.html

Related CVEs

CWE-434

Pourquoi choisir Mitel

Produits et Services

Partenaires

Clients

Ressources

Nos secteurs d'expertise

Taille d’Entreprise

Les besoins de votre entreprise

Produits

Services

Partenaire avec Mitel

Aide aux partenaires

Formations pour les partenaires

Mitel Solutions Alliance

Développeurs CloudLink

CLIMB

Ressources pour les clients

Développer les capacités

Carrières

Communiqués de presse

Centre de documentation technique

Avis de sécurité

Blog

Centre de ressources

Santé

Finance

Administrations Publiques

Hôtellerie

Education

Systèmes et solutions téléphoniques d'entreprise

Collaboration

Contact Center

Téléphones et accessoires

Mission critique et solutions verticales

Phases du cycle de vie

À la une

Unrestricted File Upload in MiCollab AWV

Prêt à parler aux ventes ? Contactez-nous.