Mitel Security Advisory for MiVoice Connect

Product Name Product Versions Vulnerability
MiVoice Connect MiVoice Connect 19.1 and earlier A remote code execution vulnerability in the UCB component of MiVoice Connect could allow an unauthenticated remote attacker to execute arbitrary code due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information.
MiVoice Connect Client MiVoice Connect Client 214.100.1213.0 and earlier A weak encryption vulnerability in MiVoice Connect Client could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials.