Vulnerability Description
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitel | Connect Onsite | <= r1711-prem |
| Mitel | St14.2 | <= ga28 |
Related Weaknesses (CWE)
References
- https://github.com/twosevenzero/shoretel-mitel-rceProductThird Party Advisory
- https://www.exploit-db.com/exploits/46174/ExploitThird Party AdvisoryVDB Entry
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisorVendor Advisory
- https://github.com/twosevenzero/shoretel-mitel-rceProductThird Party Advisory
- https://www.exploit-db.com/exploits/46174/ExploitThird Party AdvisoryVDB Entry
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisorVendor Advisory
FAQ
What is CVE-2018-5782?
CVE-2018-5782 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject P...
How severe is CVE-2018-5782?
CVE-2018-5782 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-5782?
Check the references section above for vendor advisories and patch information. Affected products include: Mitel Connect Onsite, Mitel St14.2.