CGI Flaw in MiCollab AWV

Advisory ID: 15-0004

Publish Date: 2015-07-31
Updated: 2015-09-29
Revision: v1.4


A vulnerability has been identified in a CGI script in MiCollab Audio, Web and Video conferencing (AWV) /Mitel Collaboration Advanced (MCA).

Detailed Description

A CGI script responsible for handling user-supplied data has been identified as vulnerable to attack. Should the vulnerability be successfully exploited, an attacker could execute arbitrary commands with escalated (non-root) privileges, allowing for access to system files and services.

Affected Products

The following products are confirmed to be affected:

Product Name  Versions  Security Bulletin
Last Updated
MiCollab (physical MAS)
6.x 5.x 4.x 15-0006-001 2015-07-31 
MiCollab (vMAS)
6.x 5.x 4.x
MiVoice Business Express (MiVB-X) 6.x 5.x    


Risk Assessment

The risk of exploiting such vulnerabilities is moderate. An overall CVSS score of 6.4 has been assigned.

Mitigation / Recommended Action

Refer to the security bulletin for steps to mitigate the threat.


Patches are available for versions 6.x and 5.x of the affected products. Refer to security bulletin 15-0006-001 for additional information.

External References


Ready to talk to sales? Contact us.