Filtered by vendor Mitel
Subscribe
Search
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32748 | 1 Mitel | 1 Mivoice Connect | 2023-08-22 | N/A | 9.8 CRITICAL |
| The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. | |||||
| CVE-2023-39293 | 1 Mitel | 3 Mivoice Office 400, Mivoice Office 400 Smb Controller, Mivoice Office 400 Smb Controller Firmware | 2023-08-21 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. | |||||
| CVE-2023-39292 | 1 Mitel | 3 Mivoice Office 400, Mivoice Office 400 Smb Controller, Mivoice Office 400 Smb Controller Firmware | 2023-08-21 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. | |||||
| CVE-2022-41326 | 1 Mitel | 1 Micollab | 2023-08-08 | N/A | 9.8 CRITICAL |
| The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. | |||||
| CVE-2022-26143 | 1 Mitel | 2 Micollab, Mivoice Business Express | 2023-08-08 | 9.0 HIGH | 9.8 CRITICAL |
| The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. | |||||
| CVE-2022-31784 | 1 Mitel | 2 Mivoice Business, Mivoice Business Express | 2022-06-30 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution. | |||||
| CVE-2022-29499 | 1 Mitel | 1 Mivoice Connect | 2022-05-05 | 10.0 HIGH | 9.8 CRITICAL |
| The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. | |||||
| CVE-2021-32071 | 1 Mitel | 1 Micollab | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an attacker to view and modify application data, and cause a denial of service for users. | |||||
| CVE-2021-3352 | 1 Mitel | 1 Micontact Center Business | 2021-08-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access (view and modify) user data without authorization due to improper handling of tokens. | |||||
| CVE-2020-10377 | 1 Mitel | 2 Mivoice Connect, Mivoice Connect Client | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials. | |||||
| CVE-2020-35547 | 1 Mitel | 1 Micollab | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data. | |||||
| CVE-2019-12165 | 1 Mitel | 2 Micollab, Micollab Audio\, Web \& Video Conferencing | 2021-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands. | |||||
| CVE-2021-26714 | 1 Mitel | 1 Micontact Center Enterprise | 2021-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal. | |||||
| CVE-2020-24594 | 1 Mitel | 1 Micloud Management Portal | 2020-09-30 | 6.8 MEDIUM | 9.6 CRITICAL |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | |||||
| CVE-2018-19275 | 1 Mitel | 2 Cmg Suite, Inattend | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and availability of the system. | |||||
| CVE-2020-10211 | 1 Mitel | 2 Mivoice Connect, Mivoice Connect Client | 2020-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information. | |||||
| CVE-2019-19607 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2019-19608 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2020-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2018-18286 | 1 Mitel | 1 Cmg Suite | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2018-18285 | 1 Mitel | 1 Cmg Suite | 2019-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
| CVE-2018-5782 | 1 Mitel | 2 Connect Onsite, St14.2 | 2019-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. | |||||
| CVE-2018-15497 | 1 Mitel | 2 Mivoice 5330e, Mivoice 5330e Firmware | 2019-01-25 | 10.0 HIGH | 9.8 CRITICAL |
| The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution. | |||||
| CVE-2018-5779 | 1 Mitel | 2 Connect Onsite, St14.2 | 2018-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. | |||||
| CVE-2018-5780 | 1 Mitel | 2 Connect Onsite, St14.2 | 2018-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. | |||||
| CVE-2018-5781 | 1 Mitel | 2 Connect Onsite, St14.2 | 2018-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. | |||||