Americas
Europe
Oceania
800-722-1301
800-722-1301
Applications pour centre d'appels
Logiciel de collaboration
Systèmes de téléphonie professionnel
Appareils et accessoires
Avez-vous des questions ou des commentaires ?
800-722-1301
Votre besoin d'affaires
Votre secteur d'activité
La taille de votre entreprise
Nos services
Nos produits
Service client
Assistance aux Partenaires
Formation
Contactez nos commerciaux
Blog
À propos de Mitel
Carriere
Cas clients
Centre de ressources
Location FR: Canada (FR)
Advisory ID: 22-0002
Publish Date: 2022-04-19
Last Updated: 2022-06-28
Revision: 3.0
A vulnerability has been identified in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances – SA 100, SA 400, and Virtual SA) which could allow a malicious actor to perform remote code execution (CVE-2022-29499) within the context of the Service Appliance.
This vulnerability was privately reported to Mitel.
Mitel is recommending customers with affected product versions apply the available remediation.
Credit is given to Patrick Bennett of CrowdStrike for highlighting the issue and bringing to our attention.
Product Name | Product Version | Security Bulletin | Last Updated |
---|---|---|---|
MiVoice Connect (including earlier versions 14.2) | 19.2 SP3 and earlier | 22-0002-001 | 2022-04-21 |
The risk of this vulnerability is rated as Critical.
The vulnerability relates exclusively to deployments that include MiVoice Connect Service Appliances, SA 100, SA 400 and/or Virtual SA.
Refer to the product Security Bulletin ID: 22-0002-001 for additional statements regarding risk.
Customers are advised to implement the available remediation steps provided.
Customers are advised to review the product Security Bulletin ID: 22-0002-001. For additional information, contact Product Support.
Version | Date | Description |
---|---|---|
1.0 | 2022-04-19 | Initial version |
2.0 | 2022-04-21 | Updated product bulletin with revised Mitel Knowledge Base link |
3.0 | 2022-06-28 | Clarified wording for recommended action |