Mitel Product Security Advisory 20-0003

Mitel MiContact Center Business with Site Based Security – Authentication Vulnerability

Advisory ID: 20-0003

First Issue Date: 2020-03-02

Last Updated: 2020-03-02

Revision: 1.0

 

Summary

A vulnerability in the Software Development Kit of the Mitel MiContact Center Business with Site Based Security could allow an authenticated user access to sensitive information. A successful exploit could allow unauthorized access to user conversations.

Mitel is recommending that customers with affected product versions, update to release 9.0.1.0 and apply hotfix 496276.

 

Affected Products

Security Bulletins are being issued for the following products:

Product Name Product Versions Fixed Product Version Last Updated
MiContact Center Business Versions with Site-Based Security - Release 8.0 and higher 20-0003-01 2020-03-02
 

Risk Assessment

The risk from this vulnerability is constrained to systems configured for site-based security and is rated as Low. Refer to the product Security Bulletins for additional statements regarding risk.

 

Mitigation / Recommended Action

Mitel has issued a new hotfix, 496276, to be applied to the 9.0.1.0 releases of the affected software. Customers are advised to update their software to 9.0.1.0 and apply the hotfix.

Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.

 

External References

N/A

 

Related CVEs / CWEs / Advisories

CVE-2020-9379

 

Revision History

Version Date Description
1.0  2020-03-02 Initial version 
Neem contact op met Mitel
Vind een partner +32 2727 1811 Contact