Support
+32 2727 1811
Search
Mitel.com
Document Center
Search Mitel
Search Documentation
+32 2727 1811
Uw zakelijke behoefte
Uw branche
Organisatiegrootte
Onze diensten
Onze producten
Support voor klanten
Trainingen voor klanten
Partner support
Contact
Vragen of opmerkingen?
+32 2727 1811
Blog
Over Mitel
Vacatures
Case studies
Resource center
Advisory ID: 18-0008
First Issue Date: 2018-09-04
Last Updated: 2018-09-04
Revision: 1.0
Summary
A Reflected Cross Site Scripting (XSS) vulnerability has been identified in MiVoice Office 400. This vulnerability could lead to exposure of user information by allowing an unauthenticated, remote attacker to conduct an attack against the user of the web browser. An attacker who can convince a user to follow an attacker-supplied link that could execute arbitrary script or HTML code in the user’s browser.
This vulnerability was privately reported to Mitel. Mitel is not aware of customers that have been impacted by this vulnerability.
Mitel is recommending customers with affected product versions update to the latest release.
Credit is given to Noel Sofley, researcher Tribal Phoenix, for highlighting these issues and bringing these to our attention.
Affected Products
A Security Bulletin is being issued for the following product:
| Product Name | Product Versions | Security Bulletin | Last Updated |
| MiVoice Office 400 | R5.0 HF3 (v8839a1) and earlier | 18-0008-001 | 2018-09-04 |
Risk Assessment
The risk of these vulnerability is rated as moderate. Refer to the product Security Bulletin for additional statements regarding risk
Mitigation / Recommended Action
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.
External References
n/a
Related CVEs / CWEs / Advisories
CVE-2018-16226
Revision History
| Version | Date | Description |
| 1.0 | 2018-09-04 | Initial version |
Attachment(s)