Mitel Product Security Advisory 20-0003

Mitel MiContact Center Business with Site Based Security – Authentication Vulnerability

Advisory ID: 20-0003

First Issue Date: 2020-03-02

Last Updated: 2020-03-02

Revision: 1.0

Summary

A vulnerability in the Software Development Kit of the Mitel MiContact Center Business with Site Based Security could allow an authenticated user access to sensitive information. A successful exploit could allow unauthorized access to user conversations.

Mitel is recommending that customers with affected product versions, update to release 9.0.1.0 and apply hotfix 496276.

Affected Products

Security Bulletins are being issued for the following products:

Product Name	Product Versions	Fixed Product Version	Last Updated
MiContact Center Business	Versions with Site-Based Security - Release 8.0 and higher	20-0003-01	2020-03-02

Risk Assessment

The risk from this vulnerability is constrained to systems configured for site-based security and is rated as Low. Refer to the product Security Bulletins for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has issued a new hotfix, 496276, to be applied to the 9.0.1.0 releases of the affected software. Customers are advised to update their software to 9.0.1.0 and apply the hotfix.

Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.

External References

N/A

Related CVEs / CWEs / Advisories

CVE-2020-9379

Revision History

Version	Date	Description
1.0	2020-03-02	Initial version

First Name

Last Name

Email Address

Relationship to Mitel

By providing the above information, you agree that we may process your personal data in accordance with our Privacy Policy.

Do you agree to the terms and conditions of using our services?