SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.

This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›

Description  Advisory
ID  
Publish
Date 
Last
Updated
 
MiVoice 5300 IP Series Phone Denial of Service Vulnerability  18-0009  2018-09-25  2018-09-25 
MiVoice Office 400 Reflected XSS Vulnerability  18-0008  2018-09-04   2018-09-04  
ST 14.2 Reflected XSS Vulnerability  18-0007  2018-09-04  2018-09-04 
Side-Channel Analysis, Spectre Variant 4 and 3a 18-0006 2018-05-23 2018-06-26
Mitel for Salesforce XSS Vulnerability  18-0005   2018-03-06  2018-03-06 
Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities  18-0004  2018-03-06  2018-03-06 
MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities 18-0003  2018-01-31  2018-01-31 
XML External Entity (XXE) Vulnerability in MiCollab AWV  18-0002  2018-01-31  2018-01-31 
Side-Channel Analysis Vulnerabilities  18-0001  2018-01-08  2018-05-08 
SSRF/XSPA Vulnerability in MiContact Center Business  17-0012  2017-12-08   2017-12-08  
Vulnerability in MiCollab Microsoft Outlook Plugin   17-0011  2017-10-30   2017-10-30 
Multiple Vulnerabilities in MiCollab and MiCollab AWV
17-0010  2017-09-14   2017-09-14
SMB1 Remote Code Execution   17-0009  2017-06-05  2017-06-05 
OpenSSL Vulnerabilities in MiCollab Desktop Applications  17-0008  2017-06-05  2017-06-05 
WannaCry Ransomware Attack 17-0007  2017-05-23  2017-05-23 
Unauthorized Access to MiCollab Client  17-0006  2017-06-05   2017-06-05  
Apache Struts Remote Code Execution Vulnerability CVE-2017-5638  17-0004  2017-03-20  2017-03-20 
Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360)  17-0003  2017-02-15  2017-04-03 
Privilege Escalation / Remote Code Execution Vulnerability
in MiVoice Conference/Video Phone (UC360) 
17-0002  2017-02-15  2017-02-15 
Misuse / Potential Compromise of Certain Mitel Product Certificates  17-0001  2017-02-09  2017-04-03 
Vulnerability in Objective Systems ASN1C (CVE-2016-5080)  16-0020   2016-12-02  2016-12-02 
CVE-2016-5195: Linux Kernel Privilege Escalation  16-0019  2016-10-27  2016-12-06 
MiCollab Client Web Portal Call Service Vulnerability  16-0018  2016-11-04  2016-11-04 
MiCollab Desktop Client Bypasses Windows Firewall  16-0016  2016-11-04  2016-11-04 
Unrestricted File Upload in MiCollab AWV   16-0015  2016-11-04  2016-11-04 
Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93  16-0014  2016-08-02  2016-08-02 
Multiple Vulnerabilities in OpenSSL  16-0013  2016-07-05  2016-07-05 
XSS Vulnerability in MiCollab AWV  16-0012  2016-06-03  2016-06-03 
Multiple Vulnerabilities in ImageMagick  16-0011  2016-05-09  2016-06-03 
Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000  16-0009 2016-03-18   2016-03-18 
DROWN (OpenSSL vulnerability) - CVE-2016-0800  16-0008  2016-03-07   2016-03-07 
glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547)   16-0007  2016-02-25  2016-05-02 
XSS vulnerability in MiCC 7.x  16-0005
2016-03-07  2016-03-07
NTPD Vulnerabilities  16-0004
2016-03-07  2016-05-02 
OpenSSH Client Vulnerabilities 16-0003  2016-02-01  2016-02-01 
Multiple Weaknesses in Mitel 6700/6800 series SIP phones 16-0002  2016-02-01  2016-02-01 
SQL Injection Vulnerability in MiCollab  16-0001  2016-02-01  2016-02-01 
Java Deserialization Vulnerability  15-0013  2015-12-04  2016-02-01 
Multiple Oracle Java Vulnerabilities  15-0012  2015-12-04  2016-05-02 
Security Advisory for MiCC  15-0007  2015-11-04  2015-11-04 
OpenSSH: authentication limits bypass (CVE-2015-5600)  15-0009   2015-09-04  2015-09-04 
OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793)  15-0008  2015-07-31  2015-07-31 
CGI Flaw in MiCollab AWV  15-0006  2015-07-31  2015-07-31 
Weakness in Diffie-Hellman key exchange / Logjam  15-0004  2015-07-31   2015-09-29 

Ready to talk to sales? Contact us.
61 2 9023 9500 Email Us