Security Advisories

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory reports the status of the investigation, the products confirmed to be affected, and the recommended action to be taken by customers. Advisories are posted in reverse chronological order.

This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

For more comprehensive details on Mitel’s Product Security Policy, visit www.mitel.com/mitel-product-security-policy.  

| Description | Advisory ID | Publish Date | Last Updated |
| --- | --- | --- | --- |
| Vulnerability in Objective Systems ASN1C (CVE-2016-5080) | 16-0020 | 2016-12-02 | 2016-12-02 |
| CVE-2016-5196: Linux Kernel Privilege Escalation | 16-0019 | 2016-10-27 | 2016-12-06 |
| MiCollab Client Web Portal Call Service Vulnerability | 16-0018 | 2016-11-04 | 2016-11-04 |
| MiCollab Desktop Client Bypasses Windows Firewall | 16-0016 | 2016-11-04 | 2016-11-04 |
| Unrestricted File Upload in MiCollab AWV | 16-0015 | 2016-11-04 | 2016-11-04 |
| Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93 | 16-0014 | 2016-08-02 | 2016-08-02 |
| Multiple Vulnerabilities in OpenSSL | 16-0013 | 2016-07-05 | 2016-07-05 |
| XSS Vulnerability in MiCollab AWV | 16-0012 | 2016-06-03 | 2016-06-03 |
| Multiple Vulnerabilities in ImageMagick | 16-0011 | 2016-05-09 | 2016-06-03 |
| Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000 | 16-0009 | 2016-03-18 | 2016-03-18 |
| DROWN (OpenSSL vulnerability) - CVE-2016-0800 | 16-0008 | 2016-03-07 | 2016-03-07 |
| glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547) | 16-0007 | 2016-02-25 | 2016-05-02 |
| XSS vulnerability in MiCC 7.x | 16-0005 | 2016-03-07 | 2016-03-07 |
| NTPD Vulnerabilities | 16-0004 | 2016-03-07 | 2016-05-02 |
| OpenSSH Client Vulnerabilities | 16-0003 | 2016-02-01 | 2016-02-01 |
| Multiple Weaknesses in Mitel 6700/6800 series SIP phones | 16-0002 | 2016-02-01 | 2016-02-01 |
| SQL Injection Vulnerability in MiCollab | 16-0001 | 2016-02-01 | 2016-02-01 |
| Java Deserialization Vulnerability | 15-0013 | 2015-12-04 | 2016-02-01 |
| Multiple Oracle Java Vulnerabilities | 15-0012 | 2015-12-04 | 2016-05-02 |
| Security Advisory for MiCC | 15-0007 | 2015-11-04 | 2015-11-04 |
| OpenSSH: authentication limits bypass (CVE-2015-5600) | 15-0009 | 2015-09-04 | 2015-09-04 |
| OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) | 15-0008 | 2015-07-31 | 2015-07-31 |
| CGI Flaw in MiCollab AWV | 15-0006 | 2015-07-31 | 2015-07-31 |
| Weakness in Diffie-Hellman key exchange / Logjam | 15-0004 | 2015-07-31 | 2015-09-29 |