CVE-2018-9102
Last modified
CVE-2018-9102 is a vulnerability of currently unknown severity. A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database.. EPSS estimates a 1.07% chance of exploitation in the next 30 days.
Description
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mitel | Mivoice Connect | <= 21.84.5535.0 |
| Mitel | St 14.2 | <= 19.49.5200.0 |
References
- https://www.mitel.com/mitel-product-security-advisory-18-0003Broken Link, Vendor Advisory
- https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdfBroken Link, Vendor Advisory
- https://www.mitel.com/mitel-product-security-advisory-18-0003Broken Link, Vendor Advisory
- https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdfBroken Link, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-9102?
How severe is CVE-2018-9102?
How do I fix CVE-2018-9102?
Are you affected by CVE-2018-9102?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST