Jared Mclaren

**Name of the Vulnerable Software and Affected Versions** Mitel Connect ONSITE versions R1711-PREM and earlier Mitel ST 14.2 release GA28 and earlier **Description** A vulnerability in the conferencing component could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the "vsethost.php" page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. The issue is related to incorrect code generation management. An attacker could exploit this vulnerability by sending specially crafted requests to the `vsethost.php` script, allowing them to inject and execute arbitrary PHP code. **Recommendations** For Mitel Connect ONSITE versions R1711-PREM and earlier, consider disabling access to the `vsethost.php` page until a patch is available. For Mitel ST 14.2 release GA28 and earlier, restrict access to the conferencing component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mitel Connect ONSITE versions R1711-PREM and earlier Mitel ST 14.2 release GA28 and earlier **Description** A vulnerability in the conferencing component could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the "vendrecording.php" page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. The issue is related to incorrect code generation management, which may enable a remote attacker to inject and execute arbitrary code in the generated PHP file using specially crafted requests to the "vendrecording.php" script. **Recommendations** For Mitel Connect ONSITE versions R1711-PREM and earlier, consider disabling access to the "vendrecording.php" page until a patch is available. For Mitel ST 14.2 release GA28 and earlier, restrict access to the vulnerable conferencing component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mitel Connect ONSITE versions R1711-PREM and earlier Mitel ST 14.2 release GA28 and earlier **Description** A vulnerability in the conferencing component could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the "vnewmeeting.php" page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. The issue is related to incorrect code generation management, which may allow a remote attacker to embed arbitrary code in a generated PHP file and execute it. **Recommendations** For Mitel Connect ONSITE versions R1711-PREM and earlier, consider disabling access to the "vnewmeeting.php" page until a patch is available. For Mitel ST 14.2 release GA28 and earlier, restrict access to the conferencing component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mitel Connect ONSITE versions R1711-PREM and earlier Mitel ST 14.2 release GA28 and earlier **Description** A vulnerability in the conferencing component could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. The issue is related to incorrect code generation management, which may enable a remote attacker to inject and execute arbitrary code in the generated PHP file using specially crafted requests. **Recommendations** For Mitel Connect ONSITE versions R1711-PREM and earlier, update to a version later than R1711-PREM to resolve the issue. For Mitel ST 14.2 release GA28 and earlier, update to a release later than GA28 to resolve the issue. As a temporary workaround, consider restricting access to the conferencing component to minimize the risk of exploitation.