Mitel Product Security Advisory 21-0006
Mitel Product Security Advisory 21-0006
Mitel Interaction Call Recording Vulnerability
Advisory ID: 21-0006
Publish Date: 2021-08-02
Last Updated: 2021-08-02
Revision: 1.0
Summary
Following vulnerability was privately reported to Mitel.
The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant due to insufficient. A successful exploit could allow a user to view sensitive system information thereby impacting the confidentiality of user data.
Mitel is recommending customers with affected product versions to update to the latest release.
Affected Products
| Product Name | Product Version | Security Bulletin | Last Updated |
|---|---|---|---|
| Mitel Interaction Recording | 6.6 and earlier | 21-0006-001 | 2021-08-01 |
Risk Assessment
The risk for this vulnerability is rated as Medium. Refer to the product Security Bulletins for additional statements regarding risk.
Mitigation / Recommended Action
Vulnerability impacts only to Multi Tenancy systems and users with Administrator rights using POWERplay Web.
Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.
Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.
External References
N/A
Related CVEs / CWEs / Advisories
CVE-2021-37586
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 2021-08-02 | Initial version |