SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.


This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for more comprehensive details on Mitel’s Product Security Policy.



| Description | Advisory ID | CVE# | Severity | Publish Date | Last Updated |
| --- | --- | --- | --- | --- | --- |
| Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones, including 6970 Conference Unit Argument Injection Vulnerability | 24-0009 | CVE-2024-31966 | medium | 2024-04-17 | 2024-04-25 |
| Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones, including 6970 Conference Unit Path Traversal Vulnerability | 24-0008 | CVE-2024-31965 | medium | 2024-04-17 | 2024-04-17 |
| Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones, including 6970 Conference Unit Authentication Bypass Vulnerability | 24-0007 | CVE-2024-31964 | medium | 2024-04-17 | 2024-04-17 |
| Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones, including 6970 Conference Unit Buffer Overflow Vulnerability | 24-0006 | CVE-2024-31963 | medium | 2024-04-17 | 2024-04-25 |
| MiCollab Stored Cross-Site Scripting (XSS) Vulnerability | 24-0005 | CVE-2024-30159, CVE-2024-30160 | high | 2024-04-10 | 2024-04-10 |
| MiCollab SQL Injection vulnerability | 24-0004 | CVE-2024-30157, CVE-2024-30158 | high | 2024-04-10 | 2024-04-10 |
| Credentials disclosure vulnerability in Unify OpenScape Desk Phones CP | OBSO-2404-01 | CVE-2024-28065, CVE-2024-28066 | low | 2024-04-03 | 2024-04-04 |
| Mitel InAttend and Mitel CMG Improper Configuration Vulnerability | 24-0003 | CVE-2024-28815 | critical | 2024-03-13 | 2024-03-13 |
| MiContact Center Business Reflected Cross Site Scripting Vulnerability | 24-0002 | CVE-2024-28070 | high | 2024-02-29 | 2024-03-05 |
| MiContact Center Business Information Disclosure Vulnerability | 24-0001 | CVE-2024-28069 | high | 2024-02-29 | 2024-03-05 |
| Command injection vulnerability in Atos Unify OpenScape Business V3 | OBSO-2401-03 | - | high | 2024-01-31 | 2024-01-31 |
| Apache ActiveMQ OpenWire Protocol Class Type Manipulation Arbitrary Code Execution Vulnerability (CVE-2023-46604) | OBSO-2401-02 | CVE-2023-46604 | critical to high | 2024-01-10 | 2024-01-10 |
| Path Traversal vulnerability in Atos Unify OpenScape Voice (CVE-2023-48166) | OBSO-2401-01 | CVE-2023-48166 | high | 2024-01-10 | 2024-01-10 |
| Multiple vulnerabilities affecting Atos Unify IP Devices | OBSO-2312-01 | - | high to medium | 2023-12-11 | 2023-12-15 |
| Google WebP (libwebp) utils/huffman_utils.c BuildHuffmanTable() Function Stream Decoding Heap Buffer Overflow (CVE-2023-4863/CVE-2023-5129) | OBSO-2310-02 | CVE-2023-4863, CVE-2023-5129 | high to medium | 2023-12-11 | 2023-12-13 |
| Argument injection vulnerability in Atos Unify OpenScape SBC and Atos Unify OpenScape Branch (CVE-2023-6269) | OBSO-2310-01 | CVE-2023-6269 | critical | 2023-10-04 | 2023-10-09 |
| MiVoice Connect Mobility Router Cross Site Request Forgery (CSRF) Vulnerability | 23-0015 | CVE-2023-39286 | medium | 2023-08-23 | 2023-08-23 |
| MiVoice Connect Edge Gateway Cross Site Request Forgery (CSRF) Vulnerability | 23-0014 | CVE-2023-39285 | medium | 2023-08-23 | 2023-08-23 |
| Command injection vulnerabilities in the Atos Unify OpenScape 4000 Platform and Atos Unify OpenScape 4000 Manager Platform (CVE-2023-45355/CVE-2023-45356) | OBSO-2308-02 | CVE-2023-45355, CVE-2023-45356 | high | 2023-08-10 | 2023-10-19 |
| MiVoice Connect Mobility Router Information Disclosure Vulnerability | 23-0013 | CVE-2023-39291 | medium | 2023-08-09 | 2023-08-09 |