Mitel Product Security Advisory 18-0010

Apache Struts 2 Remote Code Execution Vulnerability

Advisory ID: 18-0010
Publish Date: 2018-10-31
Last Updated: 2018-10-31
Revision: 1.0

Summary

A vulnerability in the Apache Struts 2 component used in MiCloud Telepo could allow an unauthenticated remote attacker to execute arbitrary code. An attacker who submits specially crafted input to vulnerable pages could execute arbitrary code in the context of the application.

Mitel is not aware of customers that have been impacted by this vulnerability.

Mitel recommends customers with affected product versions update to the latest release.

Affected Products

A Security Bulletin is being issued for the following product:

Product Name     Product Versions                       Security Bulletin   Last Updated
MiCloud Telepo   4.5 Patch 10 (4.5.13081) and earlier   18-0010-001         2018-10-31

Other Mitel products have been evaluated as not affected.

Risk Assessment

The risk of this vulnerability is rated as high.

Refer to the product Security Bulletin for additional statements regarding risk. 

Mitigation / Recommended Action

Mitel has issued patches for the affected software. Customers are advised to update their software to the latest versions. MiCloud Telepo 4.6 and later are not affected by this vulnerability.

Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.

External References

https://nvd.nist.gov/vuln/detail/CVE-2018-11776 

https://cwiki.apache.org/confluence/display/WW/S2-057 

Related CVEs / Advisories

CVE-2018-11776

Revision History

Version   Date         Description
1.0       2018-10-31   Initial version
