VYPR
Vendor

Mitel

Products
39
CVEs
155
Across products
187
Status
Private

Products

39
View all 39 products →

Recent CVEs

155
View all 155 CVEs →
  • CVE-2014-0160HigKEVApr 7, 2014
    risk 0.72cvss 7.5epss 1.00

    The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by…

  • CVE-2018-5782CriMar 14, 2018
    risk 0.68cvss 9.8epss 0.20

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful…

  • CVE-2025-52913CriAug 8, 2025
    risk 0.64cvss 9.8epss 0.00

    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access,…

  • CVE-2024-28815CriMar 27, 2024
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system.

  • CVE-2018-5781CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page.…

  • CVE-2018-5780CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page.…

  • CVE-2018-5779CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated…

  • CVE-2024-31967CriMay 2, 2024
    risk 0.59cvss 9.1epss 0.00

    A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A…

  • CVE-2025-23093HigFeb 6, 2025
    risk 0.57cvss 8.8epss 0.01

    The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful…

  • CVE-2017-16251HigMar 13, 2018
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within…

  • CVE-2025-47187HigJul 23, 2025
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file upload attack due to…

  • CVE-2025-48026HigJun 23, 2025
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the WebApl component of Mitel OpenScape Xpressions through V7R1 FR5 HF43 P913 could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to read files from the…

  • CVE-2024-31964HigMay 2, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication…

  • CVE-2025-23094HigFeb 6, 2025
    risk 0.48cvss 7.3epss 0.01

    The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter…

  • CVE-2025-23092HigJun 23, 2025
    risk 0.47cvss 7.2epss 0.01

    Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an authenticated attacker with administrative privileges to conduct a path traversal attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to upload arbitrary files…

  • CVE-2024-11346HigFeb 13, 2025
    risk 0.47cvss 7.3epss 0.00

    : Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through…

  • CVE-2025-27828HigJun 24, 2025
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input…

  • CVE-2025-27827HigJun 24, 2025
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could…

  • CVE-2024-41711MedAug 13, 2024
    risk 0.44cvss 6.8epss 0.01

    A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with physical access to the phone to conduct an argument injection attack, due to…

  • CVE-2018-3639MedMay 22, 2018
    risk 0.44cvss 5.5epss 0.61

    Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis,…