Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides
information on the status of investigation and provides additional information on products confirmed to be affected
and recommended action to be taken by customers. Advisories are posted in reverse chronological order.
For Unify product portfolio customers looking for security advisory information about their applications, product security vulnerabilities are published at unify.com/en/support/security-advisories.
This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including
the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the
information is accurate or up to date. By using the information, you acknowledge and agree that your use of the
information, or the documents or materials linked to this information, is at your own risk. In addition,
Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement
with Mitel. Mitel reserves the right to change or update this information without notice at any time.
Click here for more comprehensive details on Mitel’s Product Security Policy ›
Description | Advisory ID | CVE# | Severity | Publish Date | Last Updated |
---|---|---|---|---|---|
Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000 | 16-0009 | N/A | high | 2016-03-18 | 2016-03-18 |
DROWN (OpenSSL vulnerability) - CVE-2016-0800 | 16-0008 | CVE-2016-0800 | medium | 2016-03-07 | 2016-03-07 |
XSS vulnerability in MiCC 7.x | 16-0005 | N/A | medium | 2016-03-07 | 2016-03-07 |
NTPD Vulnerabilities | 16-0004 | CVE-2015-8138 | medium | 2016-03-07 | 2016-05-02 |
glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547) | 16-0007 | CVE-2015-7547 | high | 2016-02-25 | 2016-05-02 |
OpenSSH Client Vulnerabilities | 16-0003 | CVE-2016-0777 CVE-2016-0778 | info | 2016-02-01 | 2016-02-01 |
Multiple Weaknesses in Mitel 6700/6800 series SIP phones | 16-0002 | N/A | low | 2016-02-01 | 2016-02-01 |
SQL Injection Vulnerability in MiCollab | 16-0001 | N/A | high | 2016-02-01 | 2016-02-01 |
Java Deserialization Vulnerability | 15-0013 | N/A | medium | 2015-12-04 | 2016-02-01 |
Multiple Oracle Java Vulnerabilities | 15-0012 | CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 | high to medium | 2015-12-04 | 2016-05-02 |
Security Advisory for MiCC | 15-0007 | N/A | low | 2015-11-04 | 2015-11-04 |
OpenSSH: authentication limits bypass (CVE-2015-5600) | 15-0009 | CVE-2015-5600 | high | 2015-09-04 | 2015-09-04 |
OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) | 15-0008 | CVE-2015-1793 | medium | 2015-07-31 | 2015-07-31 |
CGI Flaw in MiCollab AWV | 15-0006 | N/A | medium | 2015-07-31 | 2015-07-31 |
Weakness in Diffie-Hellman key exchange / Logjam | 15-0004 | CVE-2015-1716 CVE-2015-4000 | low | 2015-07-31 | 2015-09-29 |
Enabled VxWorks debug service | OBSO-1010-01 | - | high | 2010-10-15 | 2010-10-15 |