Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides
information on the status of investigation and provides additional information on products confirmed to be affected
and recommended action to be taken by customers. Advisories are posted in reverse chronological order.
For Unify product portfolio customers looking for security advisory information about their applications, product security vulnerabilities are published at unify.com/en/support/security-advisories.
This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including
the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the
information is accurate or up to date. By using the information, you acknowledge and agree that your use of the
information, or the documents or materials linked to this information, is at your own risk. In addition,
Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement
with Mitel. Mitel reserves the right to change or update this information without notice at any time.
Click here for a more comprehensive details on Mitel’s Product Security Policy ›
Description | Advisory ID | CVE# | Severity | Publish Date | Last Updated |
---|---|---|---|---|---|
Mitel MiContact Center Enterprise - Directory Traversal Vulnerability | 21-0003 | CVE-2021-26714 | critical | 2021-02-16 | 2021-02-16 |
Mitel MiContact Center Business Access Token Vulnerability | 21-0002 | CVE-2021-3352 | critical | 2021-02-10 | 2021-02-10 |
Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability | 21-0001 | CVE-2021-3176 | high | 2021-01-25 | 2021-01-25 |
Mitel MiCollab NuPoint Messenger Unauthenticated Access Vulnerability | 20-0016 | CVE-2020-35547 | critical | 2020-12-29 | 2020-12-29 |
Mitel MiCollab Multiple Security Vulnerabilities | 20-0015 | CVE-2020-25606 CVE-2020-25608 CVE-2020-25609 CVE-2020-25610 CVE-2020-25611 CVE-2020-25612 CVE-2020-27340 | high to medium | 2020-11-12 | 2020-11-02 |
Mitel MiVoice SIP and MiNet Phones Bluetooth Auto Pair Vulnerability | 20-0014 | CVE-2020-27639 CVE-2020-27640 | high to medium | 2020-11-02 | 2020-11-02 |
Mitel MiVoice SIP, MiNet and DECT Phones Information Disclosure (KNOB) Vulnerability | 20-0013 | CVE-2019-9506 | high | 2020-11-02 | 2020-11-02 |
Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability | 20-0012 | CVE-2020-27154 | high | 2020-10-20 | 2020-10-20 |
Mitel MiContact Center Business Multiple Security Vulnerabilities | 20-0011 | CVE-2020-24692 CVE-2020-24693 | medium to low | 2020-09-02 | 2020-09-02 |
Mitel MiCloud Management Portal Multiple Security Vulnerabilities | 20-0010 | CVE-2020-24592 CVE-2020-24593 CVE-2020-24594 CVE-2020-24595 | medium to low | 2020-08-31 | 2020-08-31 |
Mitel Border Gateway update for a Buffer Overflow vulnerability in PPP Daemon | 20-0009 | CVE-2020-8597 | critical | 2020-07-07 | 2020-07-07 |
Mitel MiCollab Multiple Security Vulnerabilities | 20-0008 | CVE-2020-13863 CVE-2020-13767 | medium | 2020-06-25 | 2020-06-25 |
Mitel MiVoice 6800 and 6900 series SIP Phones - Memory Disclosure Vulnerability | 20-0007 | CVE-2020-13617 | high | 2020-06-02 | 2020-06-02 |
Mitel MiVoice Connect Client - Remote Code Execution Vulnerability | 20-0006 | CVE-2020-12456 | high | 2020-06-01 | 2020-07-16 |
MiCollab Multiple Security Vulnerabilities | 20-0005 | CVE-2020-11798 CVE-2020-11797 | high to medium | 2020-04-30 | 2020-04-30 |
MiVoice Connect - Remote Code Execution and Weak Encryption Vulnerabilities | 20-0004 | CVE-2020-10211 CVE-2020-10377 | critical | 2020-03-31 | 2020-03-31 |
Mitel MiContact Center Business with Site Based Security – Authentication Vulnerability | 20-0003 | CVE-2020-9379 | medium | 2020-03-02 | 2020-03-02 |
Microsoft changes to Default Security Settings for LDAP on Active Directory | 20-0002 | N/A | medium | 2020-02-17 | 2020-03-30 |
Mitel 6970 – Port Configuration Vulnerability | 20-0001 | N/A | medium | 2020-01-22 | 2020-01-22 |
Mitel SIP-DECT – Encryption key vulnerability | 19-0009 | CVE-2019-19891 | medium | 2019-12-27 | 2019-12-27 |