SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory reports the status of the investigation, lists the products confirmed to be affected, and gives the recommended action for customers. Advisories are posted in reverse chronological order.

This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for more comprehensive details on Mitel’s Product Security Policy.

| Description | Advisory ID | CVE# | Publish Date | Last Updated |
| --- | --- | --- | --- | --- |
| Mitel MiVoice 6800/6900 SIP series phones key length vulnerability | 19-0006 | CVE-2019-18863 | 2019-11-22 | 2019-11-22 |
| Linux Sudo Bypass of User Restrictions Vulnerability | 19-0005 | CVE-2019-14287 | 2019-11-12 | 2019-11-26 |
| MiVoice Business Security Certificate | 19-0004 | N/A | 2019-08-28 | 2019-08-28 |
| Mitel CMG Suite SQL Injection Vulnerability | 19-0003 | CVE-2018-18285, CVE-2018-18286 | 2019-03-29 | 2019-03-29 |
| InAttend and CMG Suite Password Vulnerability | 19-0002 | CVE-2018-19275 | 2019-03-29 | 2019-03-29 |
| Mitel MiVoice 6800 and 6900 SIP series phones weak authentication vulnerability | 19-0001 | N/A | 2019-03-19 | 2019-03-19 |
| MiCollab Authorization Vulnerability | 18-0012 | CVE-2018-18819 | 2018-10-31 | 2018-10-31 |
| MiCollab SQL Injection and Stored XSS vulnerabilities | 18-0011 | N/A | 2018-10-31 | 2018-10-31 |
| Apache Struts 2 Remote Code Execution Vulnerability | 18-0010 | CVE-2018-11776 | 2018-10-31 | 2018-10-31 |
| MiVoice 5300 IP Series Phone Denial of Service Vulnerability | 18-0009 | CVE-2018-15497 | 2018-09-25 | 2018-09-25 |
| MiVoice Office 400 Reflected XSS Vulnerability | 18-0008 | CVE-2018-16226 | 2018-09-04 | 2018-09-04 |
| ST 14.2 Reflected XSS Vulnerability | 18-0007 | CVE-2018-12901 | 2018-09-04 | 2018-09-04 |
| Side-Channel Analysis, Spectre Variant 4 and 3a | 18-0006 | CVE-2018-3640 | 2018-05-23 | 2018-06-26 |
| Mitel for Salesforce XSS Vulnerability | 18-0005 | N/A | 2018-03-06 | 2018-03-06 |
| Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities | 18-0004 | CVE-2018-5779, CVE-2018-5780, CVE-2018-5781, CVE-2018-5782, CVE-2017-16250, CVE-2017-16251 | 2018-03-06 | 2018-03-06 |
| MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities | 18-0003 | CVE-2018-9101, CVE-2018-9102, CVE-2018-9103, CVE-2018-9104 | 2018-01-31 | 2018-01-31 |
| XML External Entity (XXE) Vulnerability in MiCollab AWV | 18-0002 | CWE-918 | 2018-01-31 | 2018-01-31 |
| Side-Channel Analysis Vulnerabilities | 18-0001 | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 | 2018-01-08 | 2018-05-08 |
| SSRF/XSPA Vulnerability in MiContact Center Business | 17-0012 | CWE-918 | 2017-12-08 | 2017-12-08 |
| Vulnerability in MiCollab Microsoft Outlook Plugin | 17-0011 | N/A | 2017-10-30 | 2017-10-30 |
| Multiple Vulnerabilities in MiCollab and MiCollab AWV | 17-0010 | CWE-20, CWE-79, CWE-93, CWE-307 | 2017-09-14 | 2017-09-14 |
| SMB1 Remote Code Execution | 17-0009 | CWE-306, CWE-862 | 2017-06-05 | 2017-06-05 |
| OpenSSL Vulnerabilities in MiCollab Desktop Applications | 17-0008 | CVE-2016-2183, CVE-2014-0160 | 2017-06-05 | 2017-06-05 |
| WannaCry Ransomware Attack | 17-0007 | N/A | 2017-05-23 | 2017-05-23 |
| Unauthorized Access to MiCollab Client | 17-0006 | CWE-306, CWE-862 | 2017-06-05 | 2017-06-05 |
| Apache Struts Remote Code Execution Vulnerability CVE-2017-5638 | 17-0004 | CVE-2017-5638 | 2017-03-20 | 2017-03-20 |
| Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) | 17-0003 | CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829, CVE-2015-3864 | 2017-02-15 | 2017-04-03 |
| Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) | 17-0002 | CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829, CVE-2015-3864 | 2017-02-15 | 2017-02-15 |
| Misuse / Potential Compromise of Certain Mitel Product Certificates | 17-0001 | CWE-321 | 2017-02-09 | 2017-04-03 |
| Vulnerability in Objective Systems ASN1C (CVE-2016-5080) | 16-0020 | CVE-2016-5080, CWE-190 | 2016-12-02 | 2016-12-02 |
| CVE-2016-5195: Linux Kernel Privilege Escalation | 16-0019 | CVE-2016-5195 | 2016-10-27 | 2016-12-06 |
| MiCollab Client Web Portal Call Service Vulnerability | 16-0018 | CWE-284 | 2016-11-04 | 2016-11-04 |
| MiCollab Desktop Client Bypasses Windows Firewall | 16-0016 | CWE-264 | 2016-11-04 | 2016-11-04 |
| Unrestricted File Upload in MiCollab AWV | 16-0015 | CWE-434 | 2016-11-04 | 2016-11-04 |
| Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93 | 16-0014 | CVE-2016-7979, CVE-2016-4957, CVE-2016-4956, CVE-2016-4954, CVE-2016-4953, CVE-2016-2518, CVE-2016-2106, CVE-2016-1548, CVE-2016-1547, CVE-2016-1550 | 2016-08-02 | 2016-08-02 |
| Multiple Vulnerabilities in OpenSSL | 16-0013 | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2842 | 2016-07-05 | 2016-07-05 |
| XSS Vulnerability in MiCollab AWV | 16-0012 | N/A | 2016-06-03 | 2016-06-03 |
| Multiple Vulnerabilities in ImageMagick | 16-0011 | CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718 | 2016-05-09 | 2016-06-03 |
| Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000 | 16-0009 | N/A | 2016-03-18 | 2016-03-18 |
| DROWN (OpenSSL vulnerability) - CVE-2016-0800 | 16-0008 | CVE-2016-0800 | 2016-03-07 | 2016-03-07 |
| glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547) | 16-0007 | CVE-2015-7547 | 2016-02-25 | 2016-05-02 |
| XSS vulnerability in MiCC 7.x | 16-0005 | N/A | 2016-03-07 | 2016-03-07 |
| NTPD Vulnerabilities | 16-0004 | CVE-2015-8138 | 2016-03-07 | 2016-05-02 |
| OpenSSH Client Vulnerabilities | 16-0003 | CVE-2016-0777, CVE-2016-0778 | 2016-02-01 | 2016-02-01 |
| Multiple Weaknesses in Mitel 6700/6800 series SIP phones | 16-0002 | N/A | 2016-02-01 | 2016-02-01 |
| SQL Injection Vulnerability in MiCollab | 16-0001 | N/A | 2016-02-01 | 2016-02-01 |
| Java Deserialization Vulnerability | 15-0013 | N/A | 2015-12-04 | 2016-02-01 |
| Multiple Oracle Java Vulnerabilities | 15-0012 | CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4734, CVE-2015-4748, CVE-2015-4760, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911 | 2015-12-04 | 2016-05-02 |
| Security Advisory for MiCC | 15-0007 | N/A | 2015-11-04 | 2015-11-04 |
| OpenSSH: authentication limits bypass (CVE-2015-5600) | 15-0009 | CVE-2015-5600 | 2015-09-04 | 2015-09-04 |
| OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) | 15-0008 | CVE-2015-1793 | 2015-07-31 | 2015-07-31 |
| CGI Flaw in MiCollab AWV | 15-0006 | N/A | 2015-07-31 | 2015-07-31 |
| Weakness in Diffie-Hellman key exchange / Logjam | 15-0004 | CVE-2015-1716, CVE-2015-4000 | 2015-07-31 | 2015-09-29 |
