Publish Date: 2015-07-31
A vulnerability has been identified in a CGI script in MiCollab Audio, Web and Video conferencing (AWV) /Mitel Collaboration Advanced (MCA).
A CGI script responsible for handling user-supplied data has been identified as vulnerable to attack. Should the vulnerability be successfully exploited, an attacker could execute arbitrary commands with escalated (non-root) privileges, allowing for access to system files and services.
The following products are confirmed to be affected:
|Product Name||Versions||Security Bulletin
|MiCollab (physical MAS)
||6.x 5.x 4.x||15-0006-001||2015-07-31|
||6.x 5.x 4.x||
|MiVoice Business Express (MiVB-X)||6.x 5.x|
The risk of exploiting such vulnerabilities is moderate. An overall CVSS score of 6.4 has been assigned.
Mitigation / Recommended Action
Refer to the security bulletin for steps to mitigate the threat.
Patches are available for versions 6.x and 5.x of the affected products. Refer to security bulletin 15-0006-001 for additional information.