Americas
Oceania
Sélectionnez la région / le pays / la langue
Advisory ID: 22-0005
Publish Date: 2022-06-08
Last Updated: 2022-06-08
Revision: 1.0
A buffer overflow vulnerability has been identified in the management interface of MiVoice Business and MiVoice Business Express which could allow arbitrary code execution.
This vulnerability was privately reported to Mitel.
Mitel is recommending customers with affected product versions apply the available remediation.
Credit is given to Exodus Intelligence (exodusintel.com) for highlighting the issue and bringing to our attention.
Product Name | Product Version | Security Bulletin | Last Updated |
---|---|---|---|
MiVoice Business | 9.3.0.27 and earlier | 22-0005-001 | 2022-06-08 |
MiVoice Business Express | 8.1.2.801 and earlier | 22-0005-001 | 2022-06-08 |
The risk of this vulnerability is rated as Critical for systems deployed with external access to the management interface. The risk is rated as High for systems where access to the management interface is restricted to protected networks.
Refer to the product Security Bulletin for additional statements regarding risk.
The risk may be mitigated by restricting network access to the management interface to only trusted sources.
Mitel has issued a new release of MiVoice Business as well as scripts for remediation. Customers are advised to apply the available remediation.
Customers are advised to review the product Security Bulletin ID: 22-0005-001. For additional information, contact Product Support.
Version | Date | Description |
---|---|---|
1.0 | 2022-06-08 | Initial Version |