Support
+31 88 235 6483
Zoek
Mitel.com
Document Center
Search Mitel
Search Documentation
+31 88 235 6483
Uw zakelijke behoefte
Uw branche
Organisatiegrootte
Onze diensten
Onze producten
Support voor klanten
Trainingen voor klanten
Partner support
Contact
Vragen of opmerkingen?
+31 88 235 6483
Blog
Over Mitel
Vacatures
Case studies
Resource center
Publish Date: 2015-07-31
Updated: 2015-09-29
Revision: v1.4
Summary
A vulnerability has been identified in a CGI script in MiCollab Audio, Web and Video conferencing (AWV) /Mitel Collaboration Advanced (MCA).
Detailed Description
A CGI script responsible for handling user-supplied data has been identified as vulnerable to attack. Should the vulnerability be successfully exploited, an attacker could execute arbitrary commands with escalated (non-root) privileges, allowing for access to system files and services.
Affected Products
The following products are confirmed to be affected:
| Product Name | Versions | Security Bulletin |
Last Updated |
| MiCollab (physical MAS) |
6.x 5.x 4.x | 15-0006-001 | 2015-07-31 |
| MiCollab (vMAS) |
6.x 5.x 4.x | |
|
| MiVoice Business Express (MiVB-X) | 6.x 5.x |
Risk Assessment
The risk of exploiting such vulnerabilities is moderate. An overall CVSS score of 6.4 has been assigned.
Mitigation / Recommended Action
Refer to the security bulletin for steps to mitigate the threat.
Solution
Patches are available for versions 6.x and 5.x of the affected products. Refer to security bulletin 15-0006-001 for additional information.
External References
n/a