Mitel Product Security Advisory 21-0002

Mitel MiContact Center Business Access Token Vulnerability

Advisory ID: 21-0002

Publish Date: 2021-02-10

Last Updated: 2021-02-10

Revision: 1.0

Summary

The Software Development Kit in Mitel MiContact Center Business could allow an unauthenticated attacker to access user data without authorization due to improper handling of tokens. A successful exploit could allow an attacker to view and modify user data, potentially impacting the confidentiality of user data and the integrity of the application.

Mitel recommends that customers with affected product versions update to the latest release.

Affected Products

Product Name: MiContact Center Business

Product Version:

MiContact Center Business from 8.0.0.0 to 8.1.4.1

MiContact Center Business 9.0.0.0

MiContact Center Business 9.0.1.0

MiContact Center Business 9.0.2.0

MiContact Center Business 9.1.0.0

MiContact Center Business 9.1.1.0

MiContact Center Business 9.1.2.0

MiContact Center Business 9.1.3.0

MiContact Center Business 9.2.0.0

MiContact Center Business 9.2.1.0

MiContact Center Business 9.2.2.0

MiContact Center Business 9.2.3.0

MiContact Center Business 9.3.0.0

MiContact Center Business 9.3.1.0

Security Bulletin: 21-0002-001

Last Updated: 2021-02-10

Risk Assessment

The risk for this vulnerability is rated as High. Refer to the product Security Bulletins for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has issued new hotfixes for the affected software versions. Customers are advised to apply the appropriate hotfix. For more information, refer to the Product Security Bulletin and review the related Knowledge Base article, Mandatory Security Hot Fix for CVE-2021-3352.

External References

N/A

Related CVEs / CWEs / Advisories

CVE-2021-3352

Revision History

Version | Date | Description
1.0 | 2021-02-10 | Initial Version