Oplossingen

Zakelijke behoefte

Branche

Organisatiegrootte

Services

Onze producten

Support

Support voor klanten

Trainingen voor klanten

Partner Support

Contact

+31 88 235 6483

E-mail  |  Vind een partner

Learn

Blog

Over Mitel

Case studies

Resource Center

Zoek

Blog

Login

Locatie: Nederland

Selecteer uw locatie
Americas
Europe
Oceania

CGI Flaw in MiCollab AWV

Advisory ID: 15-0004

Publish Date: 2015-07-31
Updated: 2015-09-29
Revision: v1.4

Summary

A vulnerability has been identified in a CGI script in MiCollab Audio, Web and Video conferencing (AWV) /Mitel Collaboration Advanced (MCA).

Detailed Description

A CGI script responsible for handling user-supplied data has been identified as vulnerable to attack. Should the vulnerability be successfully exploited, an attacker could execute arbitrary commands with escalated (non-root) privileges, allowing for access to system files and services.

Affected Products

The following products are confirmed to be affected:

Product Name  Versions  Security Bulletin
 Last Updated
MiCollab (physical MAS)
 6.x 5.x 4.x 15-0006-001 2015-07-31 
MiCollab (vMAS)
 6.x 5.x 4.x
 
MiVoice Business Express (MiVB-X) 6.x 5.x    

 

Risk Assessment

The risk of exploiting such vulnerabilities is moderate. An overall CVSS score of 6.4 has been assigned.

Mitigation / Recommended Action

Refer to the security bulletin for steps to mitigate the threat.

Solution

Patches are available for versions 6.x and 5.x of the affected products. Refer to security bulletin 15-0006-001 for additional information.

External References

n/a


Neem contact op met Mitel
+31 (0)88 235 6483 Contact