CVE-2018-9101

6.1MEDIUM

Key Information:

Vendor: Mitel
Status: St 14.2; Mivoice Connect
Vendor: CVE Published:; 25 April 2018

Summary

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

References

https://www.mitel.com/mitel-product-security-advisory-18-...

x_refsource_CONFIRM

https://www.mitel.com/sites/default/files/2018-Security-B...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 25, 2018
Vulnerability Reserved
Mar 27, 2018