Mitel Product Security Advisory 21-0002
Mitel MiContact Center Business Access Token Vulnerability
Advisory ID: 21-0002
Publish Date: 2021-02-10
Last Updated: 2021-02-10
Revision: 1.0
Summary
The Software Development Kit in Mitel MiContact Center Business could allow an unauthenticated attacker to access user data without authorization due to improper handling of tokens. A successful exploit could allow an attacker to view and modify user data, potentially impacting confidentiality of user data and integrity of the application.
Mitel recommends that customers with affected product versions update to the latest release.
Affected Products
Product Name | Product Version | Security Bulletin | Last Updated |
---|---|---|---|
MiContact Center Business | MiContact Center Business from 8.0.0.0 to 8.1.4.1; MiContact Center Business 9.0.0.0; MiContact Center Business 9.0.1.0; MiContact Center Business 9.0.2.0; MiContact Center Business 9.1.0.0; MiContact Center Business 9.1.1.0; MiContact Center Business 9.1.2.0; MiContact Center Business 9.1.3.0; MiContact Center Business 9.2.0.0; MiContact Center Business 9.2.1.0; MiContact Center Business 9.2.2.0; MiContact Center Business 9.2.3.0; MiContact Center Business 9.3.0.0; MiContact Center Business 9.3.1.0 | 21-0002-001 | 2021-02-10 |
Risk Assessment
The risk for this vulnerability is rated as High. Refer to the product Security Bulletins for additional statements regarding risk.
Mitigation / Recommended Action
Mitel has issued new hotfixes for the affected software versions. Customers are advised to apply the appropriate hotfix. For more information, refer to the Product Security Bulletin and review the related Knowledge Base article, Mandatory Security Hot Fix for CVE-2021-3352.
External References
N/A
Related CVEs / CWEs / Advisories
CVE-2021-3352
Revision History
Version | Date | Description |
---|---|---|
1.0 | 2021-02-10 | Initial Version |