Mitel Security Advisory for MiVoice Connect

May 5, 2020

We want to make sure you are aware of an important update regarding a potential vulnerability with the Mitel MiVoice Connect platform.

Mitel has identified multiple vulnerabilities in MiVoice Connect and MiVoice Connect Client affecting the following versions:

Product Name Product Versions Vulnerability
MiVoice Connect MiVoice Connect 19.1 and earlier A remote code execution vulnerability in the UCB component of MiVoice Connect could allow an unauthenticated remote attacker to execute arbitrary code due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information.
MiVoice Connect Client MiVoice Connect Client 214.100.1213.0 and earlier A weak encryption vulnerability in MiVoice Connect Client could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials.

The Fix

Mitel is recommending customers with affected product versions, update to the latest release.

The full advisory bulletin and affected product versions can be found here:

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0004

Please note that this is a very low risk/weak encryption vulnerability.

Next Steps

As always, our support team is here to assist you with the current fix for this, which is to upgrade to the latest MiVoice Connect release. Please reach out to the support team in one of the following ways to schedule an upgrade:

  1. Phone: 855-9-INFLOW
  2. Support portal: https://support.inflowcommunications.com
  3. Email: support@inflowcommuncations.com

Not an Inflow customer?

You have a choice when it comes to your Mitel partnership. Let’s chat about your options today!

Related Posts

mitel tech resources
mitel tech resources
mitel tech resources