Mitel Product Security Advisory 16-0015

Unrestricted File Upload in MiCollab AWV

Advisory ID: 16-0015
Publish Date: 2016-11-04
Revision: 1.0

Summary

The document upload feature in conferences does not validate or restrict the files that a valid user can upload.

Detailed Description

AWV provides a conference leader with an option of uploading documents to the server prior to or during a conference. This particular feature is vulnerable to attack where a malicious user could upload an executable script, which could then be used to gain access to other system files

Affected Products

The following products were identified as affected:

Product Name	Product Versions	Security Bulletin	Last Updated
MiCollab AWV	AWV 6.x AWV 5.x	16-0015-001	2016-11-04

Risk Assessment

This vulnerability has been assessed as having a CVSS v2 Base Score of 6.0, with a moderate level of risk. Refer to the Security Bulletin above for additional information.

Mitigation / Recommended Action

Administrators of affected product versions should ensure that only trusted users are granted permissions to upload files to MiCollab conferences.

External References

https://cwe.mitre.org/data/definitions/434.html

Related CVEs

CWE-434

First Name

Last Name

Email Address

Relationship to Mitel

By providing the above information, you agree that we may process your personal data in accordance with our Privacy Policy.

Do you agree to the terms and conditions of using our services?

Search

Select your Region/Country/Language

Americas

Europe

Oceania

Unrestricted File Upload in MiCollab AWV

Stay One Step Ahead

Ready to talk to sales? Contact us.