Mitel Product Security Advisory 16-0015

Unrestricted File Upload in MiCollab AWV

Advisory ID: 16-0015
Publish Date: 2016-11-04
Revision: 1.0

Summary

The document upload feature in conferences does not validate or restrict the files that a valid user can upload.

Detailed Description

AWV provides a conference leader with an option of uploading documents to the server prior to or during a conference. This particular feature is vulnerable to attack where a malicious user could upload an executable script, which could then be used to gain access to other system files

Affected Products

The following products were identified as affected:

Product Name	Product Versions	Security Bulletin	Last Updated
MiCollab AWV	AWV 6.x AWV 5.x	16-0015-001	2016-11-04

Risk Assessment

This vulnerability has been assessed as having a CVSS v2 Base Score of 6.0, with a moderate level of risk. Refer to the Security Bulletin above for additional information.

Mitigation / Recommended Action

Administrators of affected product versions should ensure that only trusted users are granted permissions to upload files to MiCollab conferences.

External References

https://cwe.mitre.org/data/definitions/434.html

Related CVEs

CWE-434

Search

Selecteer uw taal

Americas

Europe

Oceania

Unrestricted File Upload in MiCollab AWV

Neem contact op met Mitel