Mitel Security Advisory for MiVoice Connect Client

June 16, 2020

We want to make sure you are aware of an important update regarding a potential vulnerability with the Mitel MiVoice Connect client.

Mitel has identified a vulnerability in the MiVoice Connect Client affecting the following versions:

Product Name Product Versions Vulnerability
MiVoice Connect Client MiVoice Connect Client 214.100.1222.0 and earlier A Remote Code Execution vulnerability has been identified in the Connect Client of MiVoice Connect. This vulnerability if exploited could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, directory traversal and run under the context of the chat client.

The Fix

Mitel is recommending customers with affected product versions, update to the latest release.

The full advisory bulletin and affected product versions can be found here:

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0006

Please note that this is a very low risk/weak encryption vulnerability.

Next Steps

As always, our support team is here to assist you with the current fix for this, which is to upgrade to the latest MiVoice Connect release. Please reach out to the support team in one of the following ways to schedule an upgrade:

  1. Phone: 855-9-INFLOW
  2. Support portal: https://support.inflowcommunications.com
  3. Email: support@inflowcommuncations.com

Not an Inflow customer?

You have a choice when it comes to your Mitel partnership. Let’s chat about your options today!

Related Posts

mitel tech resources
mitel tech resources
mitel tech resources