CVE-2019-12165

EUVD-2019-3814
MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execute arbitrary system commands.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
mitelmicollab
7.1 ≤
𝑥
≤ 7.1.0.57
mitelmicollab
7.2 ≤
𝑥
≤ 7.2.2.13
mitelmicollab
7.3 ≤
𝑥
≤ 7.3.0.204
mitelmicollab_audio\,_web_\&_video_conferencing
5.0 ≤
𝑥
≤ 5.0.5.7
mitelmicollab_audio\,_web_\&_video_conferencing
6.0 ≤
𝑥
≤ 6.0.0.61
mitelmicollab_audio\,_web_\&_video_conferencing
6.1 ≤
𝑥
≤ 6.1.0.28
mitelmicollab_audio\,_web_\&_video_conferencing
6.2 ≤
𝑥
≤ 6.2.2.8
mitelmicollab_audio\,_web_\&_video_conferencing
6.3 ≤
𝑥
≤ 6.3.0.103
𝑥
= Vulnerable software versions
References
https://www.mitel.com/-/media/mitel/pdf/content-entry-pdf/en-security-bulletin-17-0010-004.pdf
https://www.mitel.com/-/media/mitel/pdf/content-entry-pdf/en-security-bulletin-17-0010-004.pdf