Vulnerability Description
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitel | Mivoice Connect | <= 21.84.5535.0 |
| Mitel | St 14.2 | <= 19.49.5200.0 |
Related Weaknesses (CWE)
References
- https://www.mitel.com/mitel-product-security-advisory-18-0003Broken LinkVendor Advisory
- https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdfBroken LinkVendor Advisory
- https://www.mitel.com/mitel-product-security-advisory-18-0003Broken LinkVendor Advisory
- https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdfBroken LinkVendor Advisory
FAQ
What is CVE-2018-9102?
CVE-2018-9102 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an ...
How severe is CVE-2018-9102?
CVE-2018-9102 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-9102?
Check the references section above for vendor advisories and patch information. Affected products include: Mitel Mivoice Connect, Mitel St 14.2.