Mitel Product Security Advisory - 15-0006

CGI Flaw in MiCollab AWV

Advisory ID: 15-0006

Publish Date: 2015-07-31

Revision: 1.0


A vulnerability has been identified in a CGI script in MiCollab Audio, Web and Video conferencing (AWV) /Mitel Collaboration Advanced (MCA).

Detailed Description

A CGI script responsible for handling user-supplied data has been identified as vulnerable to attack. Should the vulnerability be successfully exploited, an attacker could execute arbitrary commands with escalated (non-root) privileges, allowing for access to system files and services.

Affected Products

The following products are confirmed to be affected:

Product Name


Security Bulletin

Last Updated

MiCollab (physical MAS)

6.x 5.x 4.x



MiCollab (vMAS)

6.x 5.x 4.x

MiVoice Business Express (MiVB-X)

6.x 5.x

Risk Assessment

The risk of exploiting such vulnerabilities is moderate. An overall CVSS score of 6.4 has been assigned.

Mitigations / Recommended Action

Refer to the security bulletin for steps to mitigate the threat.


Patches are available for versions 6.x and 5.x of the affected products. Refer to security bulletin 15-0006-001 for additional information.

External References