Mitel Product Security Advisory 21-0002

Mitel MiContact Center Business Access Token Vulnerability

Advisory ID: 21-0002

Publish Date: 2021-02-10

Last Updated: 2021-02-10

Revision: 1.0

 

Summary

The Software Development Kit in Mitel MiContact Center Business could allow an unauthenticated attacker to access user data without authorization due to improper handling of tokens. A successful exploit could allow an attacker to view and modify user data, potentially impacting the confidentiality of user data and the integrity of the application.

Mitel recommends that customers with affected product versions update to the latest release.

 

Affected Products

Security Bulletins are being issued for the following products:

 

Risk Assessment

The risk for this vulnerability is rated as High. Refer to the product Security Bulletins for additional statements regarding risk.

 

 

Mitigation / Recommended Action

Mitel has issued new hotfixes for the affected software versions. Customers are advised to apply the appropriate hotfix. For more information, refer to the Product Security Bulletin and review the related Knowledge Base article, Mandatory Security Hot Fix for CVE-2021-3352.

 

 

External References

N/A

 

Related CVEs / CWEs / Advisories

CVE-2021-3352

 

Revision History

Version    Date          Description
1.0        2021-02-10    Initial Version