Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-9102

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database.

Published

2018-04-25T20:29:00.633

Last Modified

2024-11-21T04:14:57.740

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mitel	mivoice_connect	≤ 21.84.5535.0	Yes
Application	mitel	st_14.2	≤ 19.49.5200.0	Yes

References

https://www.mitel.com/mitel-product-security-advisory-18-0003 Broken Link, Vendor Advisory ([email protected])
https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf Broken Link, Vendor Advisory ([email protected])
https://www.mitel.com/mitel-product-security-advisory-18-0003 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)