Latest Mitel Vulnerabilities

CVE-2023-40265
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.
Mitel Unify Openscape Xpressions Webassistant>=7.0<7r1_fr5_hf42_p911
CVE-2023-40266
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.
Mitel Unify Openscape Xpressions Webassistant>=7.0<7r1_fr5_hf42_p911
CVE-2023-39285
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due...
Mitel MiVoice Connect<22.24.7100.0
CVE-2023-39286
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due...
Mitel Connect Mobility Router<9.6.2307.111
CVE-2023-39290
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclos...
Mitel MiVoice Connect<=22.24.5800.0
CVE-2023-39291
A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure att...
Mitel MiVoice Connect<=9.6.2304.102
CVE-2023-39288
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to con...
Mitel MiVoice Connect<=9.6.2304.102
CVE-2023-39287
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to con...
Mitel MiVoice Connect<=22.24.5800.0
CVE-2023-39289
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper ...
Mitel MiVoice Connect<=9.6.2208.101
CVE-2023-39293
A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of ...
Mitel MiVoice Office 400<=7.0.9281
Mitel Mivoice Office 400 Smb Controller Firmware<=1.2.5.23
Mitel Mivoice Office 400 Smb Controller
CVE-2023-39292
A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary da...
Mitel MiVoice Office 400<=7.0.9281
Mitel Mivoice Office 400 Smb Controller Firmware<=1.2.5.23
Mitel Mivoice Office 400 Smb Controller
CVE-2023-32748
The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to imprope...
Mitel MiVoice Connect<=22.24.1500.0
CVE-2023-31458
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate...
Mitel MiVoice Connect<=22.24.1500.0
CVE-2023-25599
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack d...
Mitel MiVoice Connect<19.3
Mitel MiVoice Connect=19.3
Mitel MiVoice Connect=19.3-sp1
Mitel MiVoice Connect=19.3-sp2
CVE-2023-31459
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate...
Mitel MiVoice Connect<=9.6.2208.101
CVE-2023-31460
A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command in...
Mitel MiVoice Connect<=9.6.2208.101
CVE-2023-31457
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execu...
Mitel MiVoice Connect<=22.24.1500.0
CVE-2023-25598
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cro...
Mitel MiVoice Connect<=22.24.1500.0
CVE-2023-25597
Mitel MiCollab, MiVoice Business Express<9.7
CVE-2023-22854
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL param...
Mitel MiContact Center Business>=9.2.2.0<9.4.2.0
CVE-2022-41326
Mitel MiCollab<=9.6.0.105
CVE-2022-41223
Mitel MiVoice Connect Code Injection Vulnerability
Mitel MiVoice Connect
Mitel MiVoice Connect<19.3
Mitel MiVoice Connect=19.3
CVE-2022-40765
Mitel MiVoice Connect Command Injection Vulnerability
Mitel MiVoice Connect<19.3
Mitel MiVoice Connect=19.3
CVE-2022-36452
A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to...
Mitel MiCollab, MiVoice Business Express<9.6
CVE-2022-36454
A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A succes...
Mitel MiCollab<=9.5.0.101
CVE-2022-36453
A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A ...
Mitel MiCollab>=9.1.3<=9.5.0.101
CVE-2022-36451
A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insuffic...
Mitel MiCollab<=9.5.0.101
CVE-2022-31784
A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the...
Mitel Mivoice Business<=9.3.0.27
Mitel Mivoice Business Express<=8.1.2.801
CVE-2022-29854
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access...
Mitel Minet Firmware<=1.8.0.12
Mitel 6905
Mitel 6910
Mitel 6920
Mitel 6930
Mitel 6930 Sip
and 2 more
CVE-2022-29855
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1...
Mitel 6873i Sip Firmware<5.1.0.8017
Mitel 6873i Sip Firmware>=6.0.0.368<6.1.0.171
Mitel 6873i Sip
Mitel 6930 Sip Firmware<5.1.0.8017
Mitel 6930 Sip Firmware>=6.0.0.368<6.1.0.171
Mitel 6930 Sip
and 21 more
CVE-2022-29499
Mitel MiVoice Connect Data Validation Vulnerability
Mitel MiVoice Connect<=22.20.2300.0
CVE-2022-26143
MiCollab, MiVoice Business Express Access Control Vulnerability
Mitel MiCollab, MiVoice Business Express
Mitel MiCollab<9.4
Mitel MiCollab=9.4
Mitel MiCollab=9.4-sp1
Mitel Mivoice Business Express<=8.1
CVE-2021-3352
The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data w...
Mitel MiContact Center Business>=8.0.0.0<=8.1.4.1
Mitel MiContact Center Business>=9.0.0.0<=9.3.1.0
CVE-2021-27402
The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validatio...
Mitel MiCollab, MiVoice Business Express<9.2
Mitel MiCollab, MiVoice Business Express=9.2
Mitel MiCollab, MiVoice Business Express=9.2-fp1
CVE-2021-37586
The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another tenant...
Mitel Interaction Recording<6.7
CVE-2021-32067
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.
Mitel MiCollab, MiVoice Business Express<9.3
CVE-2021-32071
The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view ...
Mitel MiCollab, MiVoice Business Express<9.3
CVE-2021-32070
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an atta...
Mitel MiCollab, MiVoice Business Express<9.3
CVE-2021-32068
The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to ins...
Mitel MiCollab, MiVoice Business Express<9.3
CVE-2021-32072
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitizatio...
Mitel MiCollab, MiVoice Business Express<9.3
CVE-2021-32069
The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and m...
Mitel MiCollab, MiVoice Business Express<9.3
CVE-2021-27401
The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cr...
Mitel MiCollab, MiVoice Business Express<9.2
Mitel MiCollab, MiVoice Business Express=9.2
Mitel MiCollab, MiVoice Business Express=9.2-fp1
CVE-2021-26714
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit...
Mitel MiContact Center Enterprise<9.4
CVE-2020-35547
A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.
Mitel MiCollab, MiVoice Business Express<=9.2
CVE-2021-3176
The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, du...
Mitel Businesscti Enterprise<6.4.15
Mitel Businesscti Enterprise>=7.0<7.1.2
CVE-2020-25609
The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could a...
Mitel MiCollab, MiVoice Business Express<9.2
CVE-2020-25606
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.
Mitel MiCollab, MiVoice Business Express<9.2
CVE-2020-27639
The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device w...
Mitel 6873i Sip Firmware<5.1.0
Mitel 6873i Sip Firmware=5.1.0
Mitel 6873i Sip Firmware=5.1.0-sp1
Mitel 6873i Sip Firmware=5.1.0-sp2
Mitel 6873i Sip Firmware=5.1.0-sp3
Mitel 6873i Sip Firmware=5.1.0-sp4
and 18 more
CVE-2020-27640
The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phon...
<1.5.3
<1.5.3
CVE-2020-25608
The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.
Mitel MiCollab, MiVoice Business Express<9.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203