Schulung
LOGIN PORTAL
Americas
Oceania
Kommunikationssysteme
Zusammenarbeit
Contact Center
Telefone und Zubehör
Anwendungen und Entwickler
Ihr Geschäftsbedarf
Ihre Branche
Ihre Unternehmensgröße
Unsere Services
Unsere Produkte
Kundensupport
Partner Support
Schulung
Kontakt Verkauf
Blog
Über Mitel
Karriere
Kundenreferenzen
Informationscenter
Standort: Deutschland
Advisory ID: 16-0015
Publish Date: 2016-11-04
Revision: 1.0
Summary
The document upload feature in conferences does not validate or restrict the files that a valid user can upload.
Detailed Description
AWV provides a conference leader with an option of uploading documents to the server prior to or during a conference. This particular feature is vulnerable to attack where a malicious user could upload an executable script, which could then be used to gain access to other system files
Affected Products
The following products were identified as affected:
Product Name | Product Versions | Security Bulletin | Last Updated |
MiCollab AWV | AWV 6.x AWV 5.x |
16-0015-001 | 2016-11-04 |
Risk Assessment
This vulnerability has been assessed as having a CVSS v2 Base Score of 6.0, with a moderate level of risk. Refer to the Security Bulletin above for additional information.
Mitigation / Recommended Action
Administrators of affected product versions should ensure that only trusted users are granted permissions to upload
files to MiCollab conferences.
External References
https://cwe.mitre.org/data/definitions/434.html
CWE-434