Security Advisories

SECURITY ADVISORIES

Mitel Product Security Advisories are published for moderate and high-risk security issues. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers. Advisories are posted in reverse chronological order.

For Unify product portfolio customers looking for security advisory information about their applications, product security vulnerabilities are published at unify.com/en/support/security-advisories.

This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. Mitel does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, Mitel’s provision of this information shall not and does not affect the terms or conditions of any agreement with Mitel. Mitel reserves the right to change or update this information without notice at any time.

Click here for a more comprehensive details on Mitel’s Product Security Policy ›

Description	Advisory ID	CVE#	Severity	Publish Date	Last Updated
MiVoice Connect Mobility Router Cross Site Request Forgery (CSRF) Vulnerability	23-0015	CVE-2023-39286	medium	2023-08-23	2023-08-23
MiVoice Connect Edge Gateway Cross Site Request Forgery (CSRF) Vulnerability	23-0014	CVE-2023-39285	medium	2023-08-23	2023-08-23
Command injection vulnerabilities in the Atos Unify OpenScape 4000 Platform and Atos Unify OpenScape 4000 Manager Platform (CVE-2023-45355/CVE-2023-45356)	OBSO-2308-02	CVE-2023-45355, CVE-2023-45356	high	2023-08-10	2023-10-19
MiVoice Connect Mobility Router Information Disclosure Vulnerability	23-0013	CVE-2023-39291	medium	2023-08-09	2023-08-09
MiVoice Connect Edge Gateway Information Disclosure Vulnerability	23-0012	CVE-2023-39290	medium	2023-08-09	2023-08-09
MiVoice Connect Mobility Router Command Argument Injection and Information Disclosure Vulnerabilities	23-0011	CVE-2023-39288 CVE-2023-39289	medium	2023-08-09	2023-08-09
MiVoice Connect Edge Gateway Command Argument Injection Vulnerability	23-0010	CVE-2023-39287	medium	2023-08-09	2023-08-09
Usage of Ghostscript within Atos Unify OpenScape Xpressions	OBSO-2308-01	-	high	2023-08-02	2023-08-02
MiVoice Office 400 SMB Controller Command Injection Vulnerability	23-0009	CVE-2023-39293	critical	2023-08-02	2023-08-02
MiVoice Office 400 SMB Controller SQL Injection Vulnerability	23-0008	CVE-2023-39292	critical	2023-08-02	2023-08-02
Multiple vulnerabilities in Atos Unify OpenScape SBC, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF (CVE-2023-36618/CVE-2023-36619)	OBSO-2307-01	CVE-2023-36618, CVE-2023-36619	high	2023-07-06	2023-07-06
Multiple Vulnerabilities affecting Atos Unify OpenScape Applications (CVE-2023-45352/CVE-2023-45353/CVE-2023-45354)	OBSO-2306-02	CVE-2023-45352, CVE-2023-45353, CVE-2023-45354	high	2023-07-03	2023-10-19
Multiple vulnerabilities affecting Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager (CVE-2023-45349/CVE-2023-45350/CVE-2023-45351)	OBSO-2306-01	CVE-2023-45349, CVE-2023-45350, CVE-2023-45351	high	2023-06-14	2023-10-19
Multiple vulnerabilities in Atos Unify OpenScape Xpressions (CVE-2023-40265/CVE-2023-40266)	OBSO-2305-03	CVE-2023-40265, CVE-2023-40266	high to medium	2023-05-22	2023-05-22
Multiple vulnerabilities affecting Atos Unify OpenScape Voice Trace Manager (CVE-2023-40262/CVE-2023-40263/CVE-2023-40264)	OBSO-2305-02	CVE-2023-40262, CVE-2023-40263, CVE-2023-40264	critical	2023-05-22	2023-05-22
MiVoice Connect Mobility Router Command Injection Vulnerability	23-0007	CVE-2023-31460	high	2023-05-17	2023-05-17
MiVoice Connect Mobility Router Default Password Vulnerability	23-0006	CVE-2023-31459	high	2023-05-17	2023-05-17
MiVoice Connect Default Password Vulnerability	23-0005	CVE-2023-31458	critical	2023-05-17	2023-05-17
MiVoice Connect Improper Access Control Vulnerability	23-0004	CVE-2023-31457 CVE-2023-32748	critical	2023-05-17	2023-05-17
MiVoice Connect Reflected Cross-site Scripting Vulnerability	23-0003	CVE-2023-25598 CVE-2023-25599	medium	2023-05-17	2023-05-17

Description

Advisory ID

CVE#

Severity

Publish Date

Last Updated

MiVoice Connect Mobility Router Cross Site Request Forgery (CSRF) Vulnerability

23-0015

CVE-2023-39286

medium

2023-08-23

MiVoice Connect Edge Gateway Cross Site Request Forgery (CSRF) Vulnerability

23-0014

CVE-2023-39285

medium

2023-08-23

Command injection vulnerabilities in the Atos Unify OpenScape 4000 Platform and Atos Unify OpenScape 4000 Manager Platform (CVE-2023-45355/CVE-2023-45356)

OBSO-2308-02

CVE-2023-45355, CVE-2023-45356

high

2023-08-10

2023-10-19

MiVoice Connect Mobility Router Information Disclosure Vulnerability

23-0013

CVE-2023-39291

medium

2023-08-09

MiVoice Connect Edge Gateway Information Disclosure Vulnerability

23-0012

CVE-2023-39290

medium

2023-08-09

MiVoice Connect Mobility Router Command Argument Injection and Information Disclosure Vulnerabilities

23-0011

CVE-2023-39288 CVE-2023-39289

medium

2023-08-09

MiVoice Connect Edge Gateway Command Argument Injection Vulnerability

23-0010

CVE-2023-39287

medium

2023-08-09

Usage of Ghostscript within Atos Unify OpenScape Xpressions

OBSO-2308-01

high

2023-08-02

MiVoice Office 400 SMB Controller Command Injection Vulnerability

23-0009

CVE-2023-39293

critical

2023-08-02

MiVoice Office 400 SMB Controller SQL Injection Vulnerability

23-0008

CVE-2023-39292

critical

2023-08-02

Multiple vulnerabilities in Atos Unify OpenScape SBC, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF (CVE-2023-36618/CVE-2023-36619)

OBSO-2307-01

CVE-2023-36618, CVE-2023-36619

high

2023-07-06

Multiple Vulnerabilities affecting Atos Unify OpenScape Applications (CVE-2023-45352/CVE-2023-45353/CVE-2023-45354)

OBSO-2306-02

CVE-2023-45352, CVE-2023-45353, CVE-2023-45354

high

2023-07-03

2023-10-19

Multiple vulnerabilities affecting Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager (CVE-2023-45349/CVE-2023-45350/CVE-2023-45351)

OBSO-2306-01

CVE-2023-45349, CVE-2023-45350, CVE-2023-45351

high

2023-06-14

2023-10-19

Multiple vulnerabilities in Atos Unify OpenScape Xpressions (CVE-2023-40265/CVE-2023-40266)

OBSO-2305-03

CVE-2023-40265, CVE-2023-40266

high to medium

2023-05-22

Multiple vulnerabilities affecting Atos Unify OpenScape Voice Trace Manager (CVE-2023-40262/CVE-2023-40263/CVE-2023-40264)

OBSO-2305-02

CVE-2023-40262, CVE-2023-40263, CVE-2023-40264

critical

2023-05-22

MiVoice Connect Mobility Router Command Injection Vulnerability

23-0007

CVE-2023-31460

high

2023-05-17

MiVoice Connect Mobility Router Default Password Vulnerability

23-0006

CVE-2023-31459

high

2023-05-17

MiVoice Connect Default Password Vulnerability

23-0005

CVE-2023-31458

critical

2023-05-17

MiVoice Connect Improper Access Control Vulnerability

23-0004

CVE-2023-31457 CVE-2023-32748

critical

2023-05-17

MiVoice Connect Reflected Cross-site Scripting Vulnerability

23-0003

CVE-2023-25598 CVE-2023-25599

medium

2023-05-17

Search

Select your Region/Country/Language

Americas

Europe

Oceania

SECURITY ADVISORIES

GET NOTIFICATIONS OF THE LATEST SECURITY ADVISORIES SENT RIGHT TO YOUR INBOX EVERY WEEK!

Stay One Step Ahead

Ready to talk to sales? Contact us.