SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.

For Unify product portfolio customers looking for security advisory information about their applications, product security vulnerabilities are published at unify.com/en/support/security-advisories.

This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.


| Description | Advisory ID | CVE# | Severity | Publish Date | Last Updated |
|---|---|---|---|---|---|
| MiVoice Connect Mobility Router Cross Site Request Forgery (CSRF) Vulnerability | 23-0015 | CVE-2023-39286 | medium | 2023-08-23 | 2023-08-23 |
| MiVoice Connect Edge Gateway Cross Site Request Forgery (CSRF) Vulnerability | 23-0014 | CVE-2023-39285 | medium | 2023-08-23 | 2023-08-23 |
| MiVoice Connect Mobility Router Information Disclosure Vulnerability | 23-0013 | CVE-2023-39291 | medium | 2023-08-09 | 2023-08-09 |
| MiVoice Connect Edge Gateway Information Disclosure Vulnerability | 23-0012 | CVE-2023-39290 | medium | 2023-08-09 | 2023-08-09 |
| MiVoice Connect Mobility Router Command Argument Injection and Information Disclosure Vulnerabilities | 23-0011 | CVE-2023-39288, CVE-2023-39289 | medium | 2023-08-09 | 2023-08-09 |
| MiVoice Connect Edge Gateway Command Argument Injection Vulnerability | 23-0010 | CVE-2023-39287 | medium | 2023-08-09 | 2023-08-09 |
| MiVoice Office 400 SMB Controller Command Injection Vulnerability | 23-0009 | CVE-2023-39293 | critical | 2023-08-02 | 2023-08-02 |
| MiVoice Office 400 SMB Controller SQL Injection Vulnerability | 23-0008 | CVE-2023-39292 | critical | 2023-08-02 | 2023-08-02 |
| MiVoice Connect Mobility Router Command Injection Vulnerability | 23-0007 | CVE-2023-31460 | high | 2023-05-17 | 2023-05-17 |
| MiVoice Connect Mobility Router Default Password Vulnerability | 23-0006 | CVE-2023-31459 | high | 2023-05-17 | 2023-05-17 |
| MiVoice Connect Default Password Vulnerability | 23-0005 | CVE-2023-31458 | critical | 2023-05-17 | 2023-05-17 |
| MiVoice Connect Improper Access Control Vulnerability | 23-0004 | CVE-2023-31457, CVE-2023-32748 | critical | 2023-05-17 | 2023-05-17 |
| MiVoice Connect Reflected Cross-site Scripting Vulnerability | 23-0003 | CVE-2023-25598, CVE-2023-25599 | medium | 2023-05-17 | 2023-05-17 |
| MiCollab Authentication Vulnerability | 23-0002 | CVE-2023-25597 | medium | 2023-04-05 | 2023-04-05 |
| MiContact Center Business Local File Inclusion Vulnerability | 23-0001 | CVE-2023-22854 | high | 2023-01-18 | 2023-01-18 |
| Mitel MiCollab Authorization Control Vulnerability | 22-0009 | CVE-2022-41326 | critical | 2022-10-12 | 2022-10-12 |
| MiVoice Connect Code Injection Vulnerability | 22-0008 | CVE-2022-41223 | medium | 2022-10-12 | 2022-10-13 |
| MiVoice Connect Command Injection Vulnerability | 22-0007 | CVE-2022-40765 | medium | 2022-10-12 | 2022-10-13 |
| Mitel MiCollab Multiple Security Vulnerabilities | 22-0006 | CVE-2022-36451, CVE-2022-36452, CVE-2022-36453, CVE-2022-36454 | medium | 2022-07-27 | 2022-08-29 |
| MiVoice Business, MiVoice Business Express Buffer Overflow Vulnerability | 22-0005 | CVE-2022-31784 | critical | 2022-06-08 | 2022-06-08 |
| Mitel 6800 Series SIP Phone and 6900 Series SIP Phone Access Control Vulnerability | 22-0004 | CVE-2022-29855 | medium | 2022-05-03 | 2022-05-03 |
| Mitel 6900 Series IP Phone Access Control Vulnerability | 22-0003 | CVE-2022-29854 | medium | 2022-05-03 | 2022-05-12 |
| MiVoice Connect Data Validation Vulnerability | 22-0002 | CVE-2022-29499 | critical | 2022-04-19 | 2022-07-06 |
| MiCollab, MiVoice Business Express Access Control Vulnerability | 22-0001 | CVE-2022-26143 | critical | 2022-02-22 | 2022-03-11 |
| Vulnerability in Apache Log4j Libraries Affecting Mitel Products | 21-0010 | CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 | critical | 2021-12-13 | 2022-11-16 |
| Mitel Interaction Call Recording Vulnerability | 21-0006 | CVE-2021-37586 | medium | 2021-08-02 | 2021-08-02 |
| Mitel MiCollab Multiple Security Vulnerabilities | 21-0005 | CVE-2021-32067, CVE-2021-32072, CVE-2021-32068, CVE-2021-32071, CVE-2021-32069, CVE-2021-32070 | high to medium | 2021-05-24 | 2021-05-24 |
| Mitel MiCollab Multiple Security Vulnerabilities | 21-0004 | CVE-2021-27402, CVE-2021-27401 | medium | 2021-03-09 | 2021-03-09 |
| Mitel MiContact Center Enterprise - Directory Traversal Vulnerability | 21-0003 | CVE-2021-26714 | critical | 2021-02-16 | 2021-02-16 |
| Mitel MiContact Center Business Access Token Vulnerability | 21-0002 | CVE-2021-3352 | critical | 2021-02-10 | 2021-02-10 |
| Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability | 21-0001 | CVE-2021-3176 | high | 2021-01-25 | 2021-01-25 |
| Mitel MiCollab NuPoint Messenger Unauthenticated Access Vulnerability | 20-0016 | CVE-2020-35547 | critical | 2020-12-29 | 2020-12-29 |
| Mitel MiCollab Multiple Security Vulnerabilities | 20-0015 | CVE-2020-25606, CVE-2020-25608, CVE-2020-25609, CVE-2020-25610, CVE-2020-25611, CVE-2020-25612, CVE-2020-27340 | high to medium | 2020-11-12 | 2020-11-02 |
| Mitel MiVoice SIP and MiNet Phones Bluetooth Auto Pair Vulnerability | 20-0014 | CVE-2020-27639, CVE-2020-27640 | high to medium | 2020-11-02 | 2020-11-02 |
| Mitel MiVoice SIP, MiNet and DECT Phones Information Disclosure (KNOB) Vulnerability | 20-0013 | CVE-2019-9506 | high | 2020-11-02 | 2020-11-02 |
| Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability | 20-0012 | CVE-2020-27154 | high | 2020-10-20 | 2020-10-20 |
| Mitel MiContact Center Business Multiple Security Vulnerabilities | 20-0011 | CVE-2020-24692, CVE-2020-24693 | medium to low | 2020-09-02 | 2020-09-02 |
| Mitel MiCloud Management Portal Multiple Security Vulnerabilities | 20-0010 | CVE-2020-24592, CVE-2020-24593, CVE-2020-24594, CVE-2020-24595 | medium to low | 2020-08-31 | 2020-08-31 |
| Mitel Border Gateway update for a Buffer Overflow vulnerability in PPP Daemon | 20-0009 | CVE-2020-8597 | critical | 2020-07-07 | 2020-07-07 |
| Mitel MiCollab Multiple Security Vulnerabilities | 20-0008 | CVE-2020-13863, CVE-2020-13767 | medium | 2020-06-25 | 2020-06-25 |
| Mitel MiVoice 6800 and 6900 series SIP Phones - Memory Disclosure Vulnerability | 20-0007 | CVE-2020-13617 | high | 2020-06-02 | 2020-06-02 |
| Mitel MiVoice Connect Client - Remote Code Execution Vulnerability | 20-0006 | CVE-2020-12456 | high | 2020-06-01 | 2020-07-16 |
| MiCollab Multiple Security Vulnerabilities | 20-0005 | CVE-2020-11798, CVE-2020-11797 | high to medium | 2020-04-30 | 2020-04-30 |
| MiVoice Connect - Remote Code Execution and Weak Encryption Vulnerabilities | 20-0004 | CVE-2020-10211, CVE-2020-10377 | critical | 2020-03-31 | 2020-03-31 |
| Mitel MiContact Center Business with Site Based Security – Authentication Vulnerability | 20-0003 | CVE-2020-9379 | medium | 2020-03-02 | 2020-03-02 |
| Microsoft changes to Default Security Settings for LDAP on Active Directory | 20-0002 | N/A | medium | 2020-02-17 | 2020-03-30 |
| Mitel 6970 – Port Configuration Vulnerability | 20-0001 | N/A | medium | 2020-01-22 | 2020-01-22 |
| Mitel SIP-DECT – Encryption key vulnerability | 19-0009 | CVE-2019-19891 | medium | 2019-12-27 | 2019-12-27 |
| Mitel MiCollab for Android – Cross-Site-Scripting (XSS) | 19-0008 | CVE-2019-19370 | medium | 2019-12-20 | 2019-12-20 |
| MiCollab SQL injection and XSS vulnerabilities | 19-0007 | CVE-2019-19607, CVE-2019-19608, CVE-2019-19371 | high | 2019-12-20 | 2019-12-20 |
| Mitel MiVoice 6800/6900 SIP series phones key length vulnerability | 19-0006 | CVE-2019-18863 | medium | 2019-11-22 | 2019-11-22 |
| Linux Sudo Bypass of User Restrictions Vulnerability | 19-0005 | CVE-2019-14287 | info | 2019-11-12 | 2019-11-26 |
| MiVoice Business Security Certificate | 19-0004 | N/A | info | 2019-08-28 | 2019-08-28 |
| Mitel CMG Suite SQL Injection Vulnerability | 19-0003 | CVE-2018-18285, CVE-2018-18286 | critical | 2019-03-29 | 2019-03-29 |
| InAttend and CMG Suite Password Vulnerability | 19-0002 | CVE-2018-19275 | critical | 2019-03-29 | 2019-03-29 |
| Mitel MiVoice 6800 and 6900 SIP series phones weak authentication vulnerability | 19-0001 | N/A | medium | 2019-03-19 | 2019-03-19 |
| MiCollab Authorization Vulnerability | 18-0012 | CVE-2018-18819 | medium | 2018-10-31 | 2018-10-31 |
| MiCollab SQL Injection and Stored XSS vulnerabilities | 18-0011 | N/A | high | 2018-10-31 | 2018-10-31 |
| Apache Struts 2 Remote Code Execution Vulnerability | 18-0010 | CVE-2018-11776 | high | 2018-10-31 | 2018-10-31 |
| MiVoice 5300 IP Series Phone Denial of Service Vulnerability | 18-0009 | CVE-2018-15497 | critical | 2018-09-25 | 2018-09-25 |
| MiVoice Office 400 Reflected XSS Vulnerability | 18-0008 | CVE-2018-16226 | medium | 2018-09-04 | 2018-09-04 |
| ST 14.2 Reflected XSS Vulnerability | 18-0007 | CVE-2018-12901 | medium | 2018-09-04 | 2018-09-04 |
| Side-Channel Analysis, Spectre Variant 4 and 3a | 18-0006 | CVE-2018-3640 | medium | 2018-05-23 | 2018-06-26 |
| Mitel for Salesforce XSS Vulnerability | 18-0005 | N/A | high | 2018-03-06 | 2018-03-06 |
| Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities | 18-0004 | CVE-2018-5779, CVE-2018-5780, CVE-2018-5781, CVE-2018-5782, CVE-2017-16250, CVE-2017-16251 | high | 2018-03-06 | 2018-03-06 |
| MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities | 18-0003 | CVE-2018-9101, CVE-2018-9102, CVE-2018-9103, CVE-2018-9104 | medium | 2018-01-31 | 2018-01-31 |
| XML External Entity (XXE) Vulnerability in MiCollab AWV | 18-0002 | CWE-918 | high | 2018-01-31 | 2018-01-31 |
| Side-Channel Analysis Vulnerabilities | 18-0001 | CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 | medium | 2018-01-08 | 2018-05-08 |
| SSRF/XSPA Vulnerability in MiContact Center Business | 17-0012 | CWE-918 | high | 2017-12-08 | 2017-12-08 |
| Vulnerability in MiCollab Microsoft Outlook Plugin | 17-0011 | N/A | high | 2017-10-30 | 2017-10-30 |
| Multiple Vulnerabilities in MiCollab and MiCollab AWV | 17-0010 | CWE-20, CWE-79, CWE-93, CWE-307 | high | 2017-09-14 | 2017-09-14 |
| SMB1 Remote Code Execution | 17-0009 | CWE-306, CWE-862 | high | 2017-06-05 | 2017-06-05 |
| OpenSSL Vulnerabilities in MiCollab Desktop Applications | 17-0008 | CVE-2016-2183, CVE-2014-0160 | high | 2017-06-05 | 2017-06-05 |
| Unauthorized Access to MiCollab Client | 17-0006 | CWE-306, CWE-862 | high | 2017-06-05 | 2017-06-05 |
| WannaCry Ransomware Attack | 17-0007 | N/A | high | 2017-05-23 | 2017-05-23 |
| Apache Struts Remote Code Execution Vulnerability CVE-2017-5638 | 17-0004 | CVE-2017-5638 | critical | 2017-03-20 | 2017-03-20 |
| Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) | 17-0003 | CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829, CVE-2015-3864 | critical | 2017-02-15 | 2017-04-03 |
| Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) | 17-0002 | CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829, CVE-2015-3864 | high | 2017-02-15 | 2017-02-15 |
| Misuse / Potential Compromise of Certain Mitel Product Certificates | 17-0001 | CWE-321 | info | 2017-02-09 | 2017-04-03 |
| Vulnerability in Objective Systems ASN1C (CVE-2016-5080) | 16-0020 | CVE-2016-5080, CWE-190 | critical | 2016-12-02 | 2016-12-02 |
| MiCollab Client Web Portal Call Service Vulnerability | 16-0018 | CWE-284 | low | 2016-11-04 | 2016-11-04 |
| MiCollab Desktop Client Bypasses Windows Firewall | 16-0016 | CWE-264 | medium | 2016-11-04 | 2016-11-04 |
| Unrestricted File Upload in MiCollab AWV | 16-0015 | CWE-434 | medium | 2016-11-04 | 2016-11-04 |
| CVE-2016-5195: Linux Kernel Privilege Escalation | 16-0019 | CVE-2016-5195 | high | 2016-10-27 | 2016-12-06 |
| Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93 | 16-0014 | CVE-2016-7979, CVE-2016-4957, CVE-2016-4956, CVE-2016-4954, CVE-2016-4953, CVE-2016-2518, CVE-2016-2106, CVE-2016-1548, CVE-2016-1547, CVE-2016-1550 | high | 2016-08-02 | 2016-08-02 |
| Multiple Vulnerabilities in OpenSSL | 16-0013 | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2842 | high | 2016-07-05 | 2016-07-05 |
| XSS Vulnerability in MiCollab AWV | 16-0012 | N/A | high | 2016-06-03 | 2016-06-03 |
| Multiple Vulnerabilities in ImageMagick | 16-0011 | CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718 | high | 2016-05-09 | 2016-06-03 |
| Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000 | 16-0009 | N/A | high | 2016-03-18 | 2016-03-18 |
| DROWN (OpenSSL vulnerability) - CVE-2016-0800 | 16-0008 | CVE-2016-0800 | medium | 2016-03-07 | 2016-03-07 |
| XSS vulnerability in MiCC 7.x | 16-0005 | N/A | medium | 2016-03-07 | 2016-03-07 |
| NTPD Vulnerabilities | 16-0004 | CVE-2015-8138 | medium | 2016-03-07 | 2016-05-02 |
| glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547) | 16-0007 | CVE-2015-7547 | high | 2016-02-25 | 2016-05-02 |
| OpenSSH Client Vulnerabilities | 16-0003 | CVE-2016-0777, CVE-2016-0778 | info | 2016-02-01 | 2016-02-01 |
| Multiple Weaknesses in Mitel 6700/6800 series SIP phones | 16-0002 | N/A | low | 2016-02-01 | 2016-02-01 |
| SQL Injection Vulnerability in MiCollab | 16-0001 | N/A | high | 2016-02-01 | 2016-02-01 |
| Java Deserialization Vulnerability | 15-0013 | N/A | medium | 2015-12-04 | 2016-02-01 |
| Multiple Oracle Java Vulnerabilities | 15-0012 | CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4734, CVE-2015-4748, CVE-2015-4760, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911 | high to medium | 2015-12-04 | 2016-05-02 |
| Security Advisory for MiCC | 15-0007 | N/A | low | 2015-11-04 | 2015-11-04 |
| OpenSSH: authentication limits bypass (CVE-2015-5600) | 15-0009 | CVE-2015-5600 | high | 2015-09-04 | 2015-09-04 |
| OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) | 15-0008 | CVE-2015-1793 | medium | 2015-07-31 | 2015-07-31 |
| CGI Flaw in MiCollab AWV | 15-0006 | N/A | medium | 2015-07-31 | 2015-07-31 |
| Weakness in Diffie-Hellman key exchange / Logjam | 15-0004 | CVE-2015-1716, CVE-2015-4000 | low | 2015-07-31 | 2015-09-29 |