Bulletins de sécurité

Avis de sécurité

Les avis de sécurité des produits Mitel sont publiés en cas de problèmes de sécurité de niveau modéré à élevé. Chaque avis fournit des renseignements sur l'état d'avancement de l'enquête ainsi que des renseignements supplémentaires sur les produits dont il est confirmé qu'ils sont affectés et sur les mesures recommandées à prendre par les clients. Les avis sont publiés dans l'ordre chronologique inverse.

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.

Ces informations sont fournies sur la base "en l'état" et n'offrent ni n'impliquent aucune garantie, y compris les garanties de qualité marchande ou d'aptitude à un usage particulier. Mitel ne garantit pas que l'information est exacte ou à jour. En utilisant l'information, vous reconnaissez et acceptez que l'utilisation de l'information, ou des documents ou matériaux liés à cette information, est à vos propres risques. De plus, le fait que Mitel fournisse ces renseignements n'a aucune incidence sur les modalités de toute entente conclue avec Mitel. Mitel se réserve le droit de modifier ou de mettre à jour cette information sans préavis en tout temps.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›

Description	Advisory ID	CVE#	Publish Date	Last Updated
Mitel MiCollab Authorization Control Vulnerability	22-0009	CVE-2022-41326	2022-10-12	2022-10-12
MiVoice Connect Code Injection Vulnerability	22-0008	CVE-2022-41223	2022-10-12	2022-10-13
MiVoice Connect Command Injection Vulnerability	22-0007	CVE-2022-40765	2022-10-12	2022-10-13
Mitel MiCollab Multiple Security Vulnerabilities	22-0006	CVE-2022-36451 CVE-2022-36452 CVE-2022-36453 CVE-2022-36454	2022-07-27	2022-08-29
MiVoice Business, MiVoice Business Express Buffer Overflow Vulnerability	22-0005	CVE-2022-31784	2022-06-08	2022-06-08
Mitel 6800 Series SIP Phone and 6900 Series SIP Phone Access Control Vulnerability	22-0004	CVE-2022-29855	2022-05-03	2022-05-03
Mitel 6900 Series IP Phone Access Control Vulnerability	22-0003	CVE-2022-29854	2022-05-03	2022-05-12
MiVoice Connect Data Validation Vulnerability	22-0002	CVE-2022-29499	2022-04-19	2022-07-06
MiCollab, MiVoice Business Express Access Control Vulnerability	22-0001	CVE-2022-26143	2022-02-22	2022-03-11
Vulnerability in Apache Log4j Libraries Affecting Mitel Products	21-0010	CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 CVE-2021-44832 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307	2021-12-13	2022-11-16
Mitel Interaction Call Recording Vulnerability	21-0006	CVE-2021-37586	2021-08-02	2021-08-02
Mitel MiCollab Multiple Security Vulnerabilities	21-0005	CVE-2021-32067 CVE-2021-32072 CVE-2021-32068 CVE-2021-32071 CVE-2021-32069 CVE-2021-32070	2021-05-24	2021-05-24
Mitel MiCollab Multiple Security Vulnerabilities	21-0004	CVE-2021-27402 CVE-2021-27401	2021-03-09	2021-03-09
Mitel MiContact Center Enterprise - Directory Traversal Vulnerability	21-0003	CVE-2021-26714	2021-02-16	2021-02-16
Mitel MiContact Center Business Access Token Vulnerability	21-0002	CVE-2021-3352	2021-02-10	2021-02-10
Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability	21-0001	CVE-2021-3176	2021-01-25	2021-01-25
Mitel MiCollab NuPoint Messenger Unauthenticated Access Vulnerability	20-0016	CVE-2020-35547	2020-12-29	2020-12-29
Mitel MiCollab Multiple Security Vulnerabilities	20-0015	CVE-2020-25606 CVE-2020-25608 CVE-2020-25609 CVE-2020-25610 CVE-2020-25611 CVE-2020-25612 CVE-2020-27340	2020-11-12	2020-11-02
Mitel MiVoice SIP and MiNet Phones Bluetooth Auto Pair Vulnerability	20-0014	CVE-2020-27639 CVE-2020-27640	2020-11-02	2020-11-02
Mitel MiVoice SIP, MiNet and DECT Phones Information Disclosure (KNOB) Vulnerability	20-0013	CVE-2019-9506	2020-11-02	2020-11-02
Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability	20-0012	CVE-2020-27154	2020-10-20	2020-10-20
Mitel MiContact Center Business Multiple Security Vulnerabilities	20-0011	CVE-2020-24692 CVE-2020-24693	2020-09-02	2020-09-02
Mitel MiCloud Management Portal Multiple Security Vulnerabilities	20-0010	CVE-2020-24592 CVE-2020-24593 CVE-2020-24594 CVE-2020-24595	2020-08-31	2020-08-31
Mitel Border Gateway update for a Buffer Overflow vulnerability in PPP Daemon	20-0009	CVE-2020-8597	2020-07-07	2020-07-07
Mitel MiVoice Connect Client - Remote Code Execution Vulnerability	20-0006	CVE-2020-12456	2020-06-01	2020-07-16
MiVoice Connect - Remote Code Execution and Weak Encryption Vulnerabilities	20-0004	CVE-2020-10211 CVE-2020-10377	2020-03-31	2020-03-31
Mitel MiContact Center Business with Site Based Security – Authentication Vulnerability	20-0003	CVE-2020-9379	2020-03-02	2020-03-02
Microsoft changes to Default Security Settings for LDAP on Active Directory	20-0002	N/A	2020-02-17	2020-03-30
Mitel 6970 – Port Configuration Vulnerability	20-0001	N/A	2020-01-22	2020-01-22
Mitel SIP-DECT – Encryption key vulnerability	19-0009	CVE-2019-19891	2019-12-27	2019-12-27
Mitel MiVoice 6800/6900 SIP series phones key length vulnerability	19-0006	CVE-2019-18863	2019-11-22	2019-11-22
Linux Sudo Bypass of User Restrictions Vulnerability	19-0005	CVE-2019-14287	2019-11-12	2019-11-26
Certificat de sécurité de MiVoice Business 19 0004	19-0004	N/A	2019-08-28	2019-08-28
Mitel CMG Suite SQL Injection Vulnerability	19-0003	CVE-2018-18285 CVE-2018-18286	2019-03-29	2019-03-29
InAttend and CMG Suite Password Vulnerability	19-0002	CVE-2018-19275	2019-03-29	2019-03-29
Mitel MiVoice 6800 and 6900 SIP series phones weak authentication vulnerability	19-0001	N/A	2019-03-19	2019-03-19
MiCollab Authorization Vulnerability	18-0012	CVE-2018-18819	2018-10-31	2018-10-31
MiCollab SQL Injection and Stored XSS vulnerabilities	18-0011	N/A	2018-10-31	2018-10-31
Apache Struts 2 Remote Code Execution Vulnerability	18-0010	CVE-2018-11776	2018-10-31	2018-10-31
MiVoice 5300 IP Series Phone Denial of Service Vulnerability	18-0009	CVE-2018-15497	2018-09-25	2018-09-25
MiVoice Office 400 Reflected XSS Vulnerability	18-0008	CVE-2018-16226	2018-09-04	2018-09-04
ST 14.2 Reflected XSS Vulnerability	18-0007	CVE-2018-12901	2018-09-04	2018-09-04
Side-Channel Analysis, Spectre Variant 4 and 3a	18-0006	CVE-2018-3640	2018-05-23	2018-06-26
Mitel for Salesforce XSS Vulnerability	18-0005	N/A	2018-03-06	2018-03-06
Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities	18-0004	CVE-2018-5779 CVE-2018-5780 CVE-2018-5781 CVE-2018-5782 CVE-2017-16250 CVE-2017-16251	2018-03-06	2018-03-06
MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities	18-0003	CVE-2018-9101 CVE-2018-9102 CVE-2018-9103 CVE-2018-9104	2018-01-31	2018-01-31
XML External Entity (XXE) Vulnerability in MiCollab AWV	18-0002	CWE-918	2018-01-31	2018-01-31
Side-Channel Analysis Vulnerabilities	18-0001	CVE-2017-5715 CVE-2017-5753 CVE-2017-5754	2018-01-08	2018-05-08
SSRF/XSPA Vulnerability in MiContact Center Business	17-0012	CWE-918	2017-12-08	2017-12-08
Vulnerability in MiCollab Microsoft Outlook Plugin	17-0011	N/A	2017-10-30	2017-10-30
Multiple Vulnerabilities in MiCollab and MiCollab AWV	17-0010	CWE-20 CWE-79 CWE-93 CWE-307	2017-09-14	2017-09-14
SMB1 Remote Code Execution	17-0009	CWE-306 CWE-862	2017-06-05	2017-06-05
OpenSSL Vulnerabilities in MiCollab Desktop Applications	17-0008	CVE-2016-2183 CVE-2014-0160	2017-06-05	2017-06-05
Unauthorized Access to MiCollab Client	17-0006	CWE-306 CWE-862	2017-06-05	2017-06-05
WannaCry Ransomware Attack	17-0007	N/A	2017-05-23	2017-05-23
Apache Struts Remote Code Execution Vulnerability CVE-2017-5638	17-0004	CVE-2017-5638	2017-03-20	2017-03-20
Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360)	17-0003	CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864	2017-02-15	2017-04-03
Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360)	17-0002	CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864	2017-02-15	2017-02-15
Misuse / Potential Compromise of Certain Mitel Product Certificates	17-0001	CWE-321	2017-02-09	2017-04-03
Vulnerability in Objective Systems ASN1C (CVE-2016-5080)	16-0020	CVE-2016-5080 CWE-190	2016-12-02	2016-12-02
MiCollab Client Web Portal Call Service Vulnerability	16-0018	CWE-284	2016-11-04	2016-11-04
MiCollab Desktop Client Bypasses Windows Firewall	16-0016	CWE-264	2016-11-04	2016-11-04
Unrestricted File Upload in MiCollab AWV	16-0015	CWE-434	2016-11-04	2016-11-04
CVE-2016-5195: Linux Kernel Privilege Escalation	16-0019	CVE-2016-5195	2016-10-27	2016-12-06
Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93	16-0014	CVE-2016-7979 CVE-2016-4957 CVE-2016-4956 CVE-2016-4954 CVE-2016-4953 CVE-2016-2518 CVE-2016-2106 CVE-2016-1548 CVE-2016-1547 CVE-2016-1550	2016-08-02	2016-08-02
Multiple Vulnerabilities in OpenSSL	16-0013	CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176 CVE-2016-2842	2016-07-05	2016-07-05
XSS Vulnerability in MiCollab AWV	16-0012	N/A	2016-06-03	2016-06-03
Multiple Vulnerabilities in ImageMagick	16-0011	CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718	2016-05-09	2016-06-03
Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000	16-0009	N/A	2016-03-18	2016-03-18
DROWN (OpenSSL vulnerability) - CVE-2016-0800	16-0008	CVE-2016-0800	2016-03-07	2016-03-07
XSS vulnerability in MiCC 7.x	16-0005	N/A	2016-03-07	2016-03-07
NTPD Vulnerabilities	16-0004	CVE-2015-8138	2016-03-07	2016-05-02
glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547)	16-0007	CVE-2015-7547	2016-02-25	2016-05-02
OpenSSH Client Vulnerabilities	16-0003	CVE-2016-0777 CVE-2016-0778	2016-02-01	2016-02-01
Multiple Weaknesses in Mitel 6700/6800 series SIP phones	16-0002	N/A	2016-02-01	2016-02-01
SQL Injection Vulnerability in MiCollab	16-0001	N/A	2016-02-01	2016-02-01
Java Deserialization Vulnerability	15-0013	N/A	2015-12-04	2016-02-01
Multiple Oracle Java Vulnerabilities	15-0012	CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911	2015-12-04	2016-05-02
Security Advisory for MiCC	15-0007	N/A	2015-11-04	2015-11-04
OpenSSH: authentication limitsbypass (CVE-2015-5600)	15-0009	CVE-2015-5600	2015-09-04	2015-09-04
OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793)	15-0008	CVE-2015-1793	2015-07-31	2015-07-31
CGI Flaw in MiCollab AWV	15-0006	N/A	2015-07-31	2015-07-31
Weakness in Diffie-Hellman key exchange / Logjam	15-0004	CVE-2015-1716 CVE-2015-4000	2015-07-31	2015-09-29

Recherche

Sélectionnez la région/le pays/la langue

Americas

Europe

Oceania

Avis de sécurité

Prêt à discuter ? Contactez-nous.