CVE-2017-16251: Malicious File Upload
First published: Tue Mar 13 2018(Updated: )
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel St14.2 | <=ga28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-16251?
CVE-2017-16251 has a severity rating that indicates a significant security risk due to potential arbitrary code execution.
How do I fix CVE-2017-16251?
To fix CVE-2017-16251, upgrade your Mitel ST 14.2 system to a version beyond GA28 to eliminate the vulnerability.
What type of attack is associated with CVE-2017-16251?
CVE-2017-16251 can lead to remote code execution through a crafted POST request by an authenticated user.
Who is affected by CVE-2017-16251?
CVE-2017-16251 affects users of Mitel ST 14.2 up to and including release GA28.
What component of Mitel ST 14.2 does CVE-2017-16251 impact?
CVE-2017-16251 specifically impacts the conferencing component of Mitel ST 14.2.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mitel
- canonical/mitel st14.2
- version/mitel st14.2/ga28