CVE-2018-9102

Name of the Vulnerable Software and Affected Versions Mitel MiVoice Connect versions R1707-PREM SP1 (21.84.5535.0) and earlier Mitel ST 14.2 versions GA27 (19.49.5200.0) and earlier

Description The issue is related to insufficient input validation for the signin interface, which could allow an unauthenticated attacker to conduct an SQL injection attack. A successful exploit could allow an attacker to extract sensitive information from the database.

Recommendations For Mitel MiVoice Connect versions R1707-PREM SP1 (21.84.5535.0) and earlier, update to a version later than R1707-PREM SP1 (21.84.5535.0) to resolve the issue. For Mitel ST 14.2 versions GA27 (19.49.5200.0) and earlier, update to a version later than GA27 (19.49.5200.0) to resolve the issue. As a temporary workaround, consider restricting access to the signin interface until a patch is available.