Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides
information on the status of the investigation, the products confirmed to be affected, and the recommended action
to be taken by customers. Advisories are posted in reverse chronological order.
For Unify product portfolio customers looking for security advisory information about their applications, product security vulnerabilities are published at unify.com/en/support/security-advisories.
This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including
the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the
information is accurate or up to date. By using the information, you acknowledge and agree that your use of the
information, or the documents or materials linked to this information, is at your own risk. In addition,
Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement
with Mitel. Mitel reserves the right to change or update this information without notice at any time.
Description | Advisory ID | CVE# | Publish Date | Last Updated |
---|---|---|---|---|
MiVoice Connect Mobility Router Cross Site Request Forgery (CSRF) Vulnerability | 23-0015 | CVE-2023-39286 | 2023-08-23 | 2023-08-23 |
MiVoice Connect Edge Gateway Cross Site Request Forgery (CSRF) Vulnerability | 23-0014 | CVE-2023-39285 | 2023-08-23 | 2023-08-23 |
MiVoice Connect Mobility Router Information Disclosure Vulnerability | 23-0013 | CVE-2023-39291 | 2023-08-09 | 2023-08-09 |
MiVoice Connect Edge Gateway Information Disclosure Vulnerability | 23-0012 | CVE-2023-39290 | 2023-08-09 | 2023-08-09 |
MiVoice Connect Mobility Router Command Argument Injection and Information Disclosure Vulnerabilities | 23-0011 | CVE-2023-39288 CVE-2023-39289 | 2023-08-09 | 2023-08-09 |
MiVoice Connect Edge Gateway Command Argument Injection Vulnerability | 23-0010 | CVE-2023-39287 | 2023-08-09 | 2023-08-09 |
MiVoice Office 400 SMB Controller Command Injection Vulnerability | 23-0009 | CVE-2023-39293 | 2023-08-02 | 2023-08-02 |
MiVoice Office 400 SMB Controller SQL Injection Vulnerability | 23-0008 | CVE-2023-39292 | 2023-08-02 | 2023-08-02 |
MiVoice Connect Mobility Router Command Injection Vulnerability | 23-0007 | CVE-2023-31460 | 2023-05-17 | 2023-05-17 |
MiVoice Connect Mobility Router Default Password Vulnerability | 23-0006 | CVE-2023-31459 | 2023-05-17 | 2023-05-17 |
MiVoice Connect Default Password Vulnerability | 23-0005 | CVE-2023-31458 | 2023-05-17 | 2023-05-17 |
MiVoice Connect Improper Access Control Vulnerability | 23-0004 | CVE-2023-31457 CVE-2023-32748 | 2023-05-17 | 2023-05-17 |
MiVoice Connect Reflected Cross-site Scripting Vulnerability | 23-0003 | CVE-2023-25598 CVE-2023-25599 | 2023-05-17 | 2023-05-17 |
MiCollab Authentication Vulnerability | 23-0002 | CVE-2023-25597 | 2023-04-05 | 2023-04-05 |
MiContact Center Business Local File Inclusion Vulnerability | 23-0001 | CVE-2023-22854 | 2023-01-18 | 2023-01-18 |
Mitel MiCollab Authorization Control Vulnerability | 22-0009 | CVE-2022-41326 | 2022-10-12 | 2022-10-12 |
MiVoice Connect Code Injection Vulnerability | 22-0008 | CVE-2022-41223 | 2022-10-12 | 2022-10-13 |
MiVoice Connect Command Injection Vulnerability | 22-0007 | CVE-2022-40765 | 2022-10-12 | 2022-10-13 |
Mitel MiCollab Multiple Security Vulnerabilities | 22-0006 | CVE-2022-36451 CVE-2022-36452 CVE-2022-36453 CVE-2022-36454 | 2022-07-27 | 2022-08-29 |
MiVoice Business, MiVoice Business Express Buffer Overflow Vulnerability | 22-0005 | CVE-2022-31784 | 2022-06-08 | 2022-06-08 |
Mitel 6800 Series SIP Phone and 6900 Series SIP Phone Access Control Vulnerability | 22-0004 | CVE-2022-29855 | 2022-05-03 | 2022-05-03 |
Mitel 6900 Series IP Phone Access Control Vulnerability | 22-0003 | CVE-2022-29854 | 2022-05-03 | 2022-05-12 |
MiVoice Connect Data Validation Vulnerability | 22-0002 | CVE-2022-29499 | 2022-04-19 | 2022-07-06 |
MiCollab, MiVoice Business Express Access Control Vulnerability | 22-0001 | CVE-2022-26143 | 2022-02-22 | 2022-03-11 |
Vulnerability in Apache Log4j Libraries Affecting Mitel Products | 21-0010 | CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 CVE-2021-44832 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 | 2021-12-13 | 2022-11-16 |
Mitel Interaction Call Recording Vulnerability | 21-0006 | CVE-2021-37586 | 2021-08-02 | 2021-08-02 |
Mitel MiCollab Multiple Security Vulnerabilities | 21-0005 | CVE-2021-32067 CVE-2021-32072 CVE-2021-32068 CVE-2021-32071 CVE-2021-32069 CVE-2021-32070 | 2021-05-24 | 2021-05-24 |
Mitel MiCollab Multiple Security Vulnerabilities | 21-0004 | CVE-2021-27402 CVE-2021-27401 | 2021-03-09 | 2021-03-09 |
Mitel MiContact Center Enterprise - Directory Traversal Vulnerability | 21-0003 | CVE-2021-26714 | 2021-02-16 | 2021-02-16 |
Mitel MiContact Center Business Access Token Vulnerability | 21-0002 | CVE-2021-3352 | 2021-02-10 | 2021-02-10 |
Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability | 21-0001 | CVE-2021-3176 | 2021-01-25 | 2021-01-25 |
Mitel MiCollab NuPoint Messenger Unauthenticated Access Vulnerability | 20-0016 | CVE-2020-35547 | 2020-12-29 | 2020-12-29 |
Mitel MiCollab Multiple Security Vulnerabilities | 20-0015 | CVE-2020-25606 CVE-2020-25608 CVE-2020-25609 CVE-2020-25610 CVE-2020-25611 CVE-2020-25612 CVE-2020-27340 | 2020-11-12 | 2020-11-02 |
Mitel MiVoice SIP and MiNet Phones Bluetooth Auto Pair Vulnerability | 20-0014 | CVE-2020-27639 CVE-2020-27640 | 2020-11-02 | 2020-11-02 |
Mitel MiVoice SIP, MiNet and DECT Phones Information Disclosure (KNOB) Vulnerability | 20-0013 | CVE-2019-9506 | 2020-11-02 | 2020-11-02 |
Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability | 20-0012 | CVE-2020-27154 | 2020-10-20 | 2020-10-20 |
Mitel MiContact Center Business Multiple Security Vulnerabilities | 20-0011 | CVE-2020-24692 CVE-2020-24693 | 2020-09-02 | 2020-09-02 |
Mitel MiCloud Management Portal Multiple Security Vulnerabilities | 20-0010 | CVE-2020-24592 CVE-2020-24593 CVE-2020-24594 CVE-2020-24595 | 2020-08-31 | 2020-08-31 |
Mitel Border Gateway update for a Buffer Overflow vulnerability in PPP Daemon | 20-0009 | CVE-2020-8597 | 2020-07-07 | 2020-07-07 |
Mitel MiCollab Multiple Security Vulnerabilities | 20-0008 | CVE-2020-13863 CVE-2020-13767 | 2020-06-25 | 2020-06-25 |
Mitel MiVoice 6800 and 6900 series SIP Phones - Memory Disclosure Vulnerability | 20-0007 | CVE-2020-13617 | 2020-06-02 | 2020-06-02 |
Mitel MiVoice Connect Client - Remote Code Execution Vulnerability | 20-0006 | CVE-2020-12456 | 2020-06-01 | 2020-07-16 |
MiCollab Multiple Security Vulnerabilities | 20-0005 | CVE-2020-11798 CVE-2020-11797 | 2020-04-30 | 2020-04-30 |
MiVoice Connect - Remote Code Execution and Weak Encryption Vulnerabilities | 20-0004 | CVE-2020-10211 CVE-2020-10377 | 2020-03-31 | 2020-03-31 |
Mitel MiContact Center Business with Site Based Security – Authentication Vulnerability | 20-0003 | CVE-2020-9379 | 2020-03-02 | 2020-03-02 |
Microsoft changes to Default Security Settings for LDAP on Active Directory | 20-0002 | N/A | 2020-02-17 | 2020-03-30 |
Mitel 6970 – Port Configuration Vulnerability | 20-0001 | N/A | 2020-01-22 | 2020-01-22 |
Mitel SIP-DECT – Encryption key vulnerability | 19-0009 | CVE-2019-19891 | 2019-12-27 | 2019-12-27 |
Mitel MiCollab for Android – Cross-Site-Scripting (XSS) | 19-0008 | CVE-2019-19370 | 2019-12-20 | 2019-12-20 |
MiCollab SQL injection and XSS vulnerabilities | 19-0007 | CVE-2019-19607 CVE-2019-19608 CVE-2019-19371 | 2019-12-20 | 2019-12-20 |
Mitel MiVoice 6800/6900 SIP series phones key length vulnerability | 19-0006 | CVE-2019-18863 | 2019-11-22 | 2019-11-22 |
Linux Sudo Bypass of User Restrictions Vulnerability | 19-0005 | CVE-2019-14287 | 2019-11-12 | 2019-11-26 |
MiVoice Business Security Certificate | 19-0004 | N/A | 2019-08-28 | 2019-08-28 |
Mitel CMG Suite SQL Injection Vulnerability | 19-0003 | CVE-2018-18285 CVE-2018-18286 | 2019-03-29 | 2019-03-29 |
InAttend and CMG Suite Password Vulnerability | 19-0002 | CVE-2018-19275 | 2019-03-29 | 2019-03-29 |
Mitel MiVoice 6800 and 6900 SIP series phones weak authentication vulnerability | 19-0001 | N/A | 2019-03-19 | 2019-03-19 |
MiCollab Authorization Vulnerability | 18-0012 | CVE-2018-18819 | 2018-10-31 | 2018-10-31 |
MiCollab SQL Injection and Stored XSS vulnerabilities | 18-0011 | N/A | 2018-10-31 | 2018-10-31 |
Apache Struts 2 Remote Code Execution Vulnerability | 18-0010 | CVE-2018-11776 | 2018-10-31 | 2018-10-31 |
MiVoice 5300 IP Series Phone Denial of Service Vulnerability | 18-0009 | CVE-2018-15497 | 2018-09-25 | 2018-09-25 |
MiVoice Office 400 Reflected XSS Vulnerability | 18-0008 | CVE-2018-16226 | 2018-09-04 | 2018-09-04 |
ST 14.2 Reflected XSS Vulnerability | 18-0007 | CVE-2018-12901 | 2018-09-04 | 2018-09-04 |
Side-Channel Analysis, Spectre Variant 4 and 3a | 18-0006 | CVE-2018-3640 | 2018-05-23 | 2018-06-26 |
Mitel for Salesforce XSS Vulnerability | 18-0005 | N/A | 2018-03-06 | 2018-03-06 |
Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities | 18-0004 | CVE-2018-5779 CVE-2018-5780 CVE-2018-5781 CVE-2018-5782 CVE-2017-16250 CVE-2017-16251 | 2018-03-06 | 2018-03-06 |
MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities | 18-0003 | CVE-2018-9101 CVE-2018-9102 CVE-2018-9103 CVE-2018-9104 | 2018-01-31 | 2018-01-31 |
XML External Entity (XXE) Vulnerability in MiCollab AWV | 18-0002 | CWE-918 | 2018-01-31 | 2018-01-31 |
Side-Channel Analysis Vulnerabilities | 18-0001 | CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 | 2018-01-08 | 2018-05-08 |
SSRF/XSPA Vulnerability in MiContact Center Business | 17-0012 | CWE-918 | 2017-12-08 | 2017-12-08 |
Vulnerability in MiCollab Microsoft Outlook Plugin | 17-0011 | N/A | 2017-10-30 | 2017-10-30 |
Multiple Vulnerabilities in MiCollab and MiCollab AWV | 17-0010 | CWE-20 CWE-79 CWE-93 CWE-307 | 2017-09-14 | 2017-09-14 |
SMB1 Remote Code Execution | 17-0009 | CWE-306 CWE-862 | 2017-06-05 | 2017-06-05 |
OpenSSL Vulnerabilities in MiCollab Desktop Applications | 17-0008 | CVE-2016-2183 CVE-2014-0160 | 2017-06-05 | 2017-06-05 |
Unauthorized Access to MiCollab Client | 17-0006 | CWE-306 CWE-862 | 2017-06-05 | 2017-06-05 |
WannaCry Ransomware Attack | 17-0007 | N/A | 2017-05-23 | 2017-05-23 |
Apache Struts Remote Code Execution Vulnerability CVE-2017-5638 | 17-0004 | CVE-2017-5638 | 2017-03-20 | 2017-03-20 |
Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) | 17-0003 | CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 | 2017-02-15 | 2017-04-03 |
Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) | 17-0002 | CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 | 2017-02-15 | 2017-02-15 |
Misuse / Potential Compromise of Certain Mitel Product Certificates | 17-0001 | CWE-321 | 2017-02-09 | 2017-04-03 |
Vulnerability in Objective Systems ASN1C (CVE-2016-5080) | 16-0020 | CVE-2016-5080 CWE-190 | 2016-12-02 | 2016-12-02 |
MiCollab Client Web Portal Call Service Vulnerability | 16-0018 | CWE-284 | 2016-11-04 | 2016-11-04 |
MiCollab Desktop Client Bypasses Windows Firewall | 16-0016 | CWE-264 | 2016-11-04 | 2016-11-04 |
Unrestricted File Upload in MiCollab AWV | 16-0015 | CWE-434 | 2016-11-04 | 2016-11-04 |
CVE-2016-5195: Linux Kernel Privilege Escalation | 16-0019 | CVE-2016-5195 | 2016-10-27 | 2016-12-06 |
Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93 | 16-0014 | CVE-2016-7979 CVE-2016-4957 CVE-2016-4956 CVE-2016-4954 CVE-2016-4953 CVE-2016-2518 CVE-2016-2106 CVE-2016-1548 CVE-2016-1547 CVE-2016-1550 | 2016-08-02 | 2016-08-02 |
Multiple Vulnerabilities in OpenSSL | 16-0013 | CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176 CVE-2016-2842 | 2016-07-05 | 2016-07-05 |
XSS Vulnerability in MiCollab AWV | 16-0012 | N/A | 2016-06-03 | 2016-06-03 |
Multiple Vulnerabilities in ImageMagick | 16-0011 | CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 | 2016-05-09 | 2016-06-03 |
Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000 | 16-0009 | N/A | 2016-03-18 | 2016-03-18 |
DROWN (OpenSSL vulnerability) - CVE-2016-0800 | 16-0008 | CVE-2016-0800 | 2016-03-07 | 2016-03-07 |
XSS vulnerability in MiCC 7.x | 16-0005 | N/A | 2016-03-07 | 2016-03-07 |
NTPD Vulnerabilities | 16-0004 | CVE-2015-8138 | 2016-03-07 | 2016-05-02 |
glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547) | 16-0007 | CVE-2015-7547 | 2016-02-25 | 2016-05-02 |
OpenSSH Client Vulnerabilities | 16-0003 | CVE-2016-0777 CVE-2016-0778 | 2016-02-01 | 2016-02-01 |
Multiple Weaknesses in Mitel 6700/6800 series SIP phones | 16-0002 | N/A | 2016-02-01 | 2016-02-01 |
SQL Injection Vulnerability in MiCollab | 16-0001 | N/A | 2016-02-01 | 2016-02-01 |
Java Deserialization Vulnerability | 15-0013 | N/A | 2015-12-04 | 2016-02-01 |
Multiple Oracle Java Vulnerabilities | 15-0012 | CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 | 2015-12-04 | 2016-05-02 |
Security Advisory for MiCC | 15-0007 | N/A | 2015-11-04 | 2015-11-04 |
OpenSSH: authentication limits bypass (CVE-2015-5600) | 15-0009 | CVE-2015-5600 | 2015-09-04 | 2015-09-04 |
OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) | 15-0008 | CVE-2015-1793 | 2015-07-31 | 2015-07-31 |
CGI Flaw in MiCollab AWV | 15-0006 | N/A | 2015-07-31 | 2015-07-31 |
Weakness in Diffie-Hellman key exchange / Logjam | 15-0004 | CVE-2015-1716 CVE-2015-4000 | 2015-07-31 | 2015-09-29 |