Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for st14.2 by mitel

    VAR-201803-1994

    Vulnerability from variot - Updated: 2024-11-23 23:12

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1994",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "connect onsite",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "mitel",
            "version": "r1711-prem"
          },
          {
            "model": "st14.2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "ga28"
          },
          {
            "model": "st 14.2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitel",
            "version": "ga28"
          },
          {
            "model": "connect onsite",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "r1711-prem"
          },
          {
            "model": "st14.2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "ga28"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-535"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5782"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitel:connect_onsite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitel:st14.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          }
        ]
      },
      "cve": "CVE-2018-5782",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-5782",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-5782",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-5782",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5782",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-535",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5782",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5782"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-535"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5782"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5782"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5782"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5782",
            "trust": 2.5
          },
          {
            "db": "EXPLOIT-DB",
            "id": "46174",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002798",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-535",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5782",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5782"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-535"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5782"
          }
        ]
      },
      "id": "VAR-201803-1994",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3927273
      },
      "last_update_date": "2024-11-23T23:12:13.663000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "18-0004-001",
            "trust": 0.8,
            "url": "https://www.mitel.com/sites/default/files/Security-Bulletin-18-0004-001v1.0-2018-03-06.pdf"
          },
          {
            "title": "18-0004",
            "trust": 0.8,
            "url": "https://www.mitel.com/mitel-product-security-advisory-18-0004"
          },
          {
            "title": "Mitel Connect ONSITE  and Mitel ST conferencing Fixes for component security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79184"
          },
          {
            "title": "shoretel-mitel-rce",
            "trust": 0.1,
            "url": "https://github.com/twosevenzero/shoretel-mitel-rce "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5782"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-535"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5782"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/twosevenzero/shoretel-mitel-rce"
          },
          {
            "trust": 1.7,
            "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
          },
          {
            "trust": 1.7,
            "url": "https://www.exploit-db.com/exploits/46174/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5782"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5782"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/94.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5782"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-535"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5782"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5782"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-535"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5782"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5782"
          },
          {
            "date": "2018-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-535"
          },
          {
            "date": "2018-03-14T16:29:00.430000",
            "db": "NVD",
            "id": "CVE-2018-5782"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5782"
          },
          {
            "date": "2018-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          },
          {
            "date": "2019-04-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-535"
          },
          {
            "date": "2024-11-21T04:09:23.113000",
            "db": "NVD",
            "id": "CVE-2018-5782"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-535"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitel Connect ONSITE and  ST 14.2 Code injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002798"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-535"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-1092

    Vulnerability from variot - Updated: 2024-11-23 23:05

    A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names. Mitel ST 14.2 Contains an information disclosure vulnerability.Information may be obtained. MitelST is a video conferencing product from Mitel, Canada. A security vulnerability exists in MitelST14.2GA28 and earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1092",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "st14.2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "ga28"
          },
          {
            "model": "st 14.2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitel",
            "version": "release ga28"
          },
          {
            "model": "st ga28",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "14.2"
          },
          {
            "model": "st14.2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "ga28"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07894"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-172"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16250"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitel:st14.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          }
        ]
      },
      "cve": "CVE-2017-16250",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-16250",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-07894",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-16250",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-16250",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-16250",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-07894",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-172",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07894"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-172"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16250"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names. Mitel ST 14.2 Contains an information disclosure vulnerability.Information may be obtained. MitelST is a video conferencing product from Mitel, Canada. A security vulnerability exists in MitelST14.2GA28 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-16250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07894"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-16250",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012963",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07894",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-172",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07894"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-172"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16250"
          }
        ]
      },
      "id": "VAR-201803-1092",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07894"
          }
        ],
        "trust": 0.9927273
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07894"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:05:09.860000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "18-0004-001",
            "trust": 0.8,
            "url": "https://www.mitel.com/sites/default/files/Security-Bulletin-18-0004-001v1.0-2018-03-06.pdf"
          },
          {
            "title": "18-0004",
            "trust": 0.8,
            "url": "https://www.mitel.com/mitel-product-security-advisory-18-0004"
          },
          {
            "title": "MitelST Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/126131"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07894"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16250"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.2,
            "url": "https://www.mitel.com/mitel-product-security-advisory-18-0004"
          },
          {
            "trust": 1.0,
            "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16250"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16250"
          },
          {
            "trust": 0.6,
            "url": "https://www.mitel.com/sites/default/files/security-bulletin-18-0004-001v1.0-2018-03-06.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07894"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-172"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16250"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07894"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-172"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16250"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07894"
          },
          {
            "date": "2018-05-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          },
          {
            "date": "2017-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-172"
          },
          {
            "date": "2018-03-13T19:29:00.217000",
            "db": "NVD",
            "id": "CVE-2017-16250"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07894"
          },
          {
            "date": "2018-05-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-172"
          },
          {
            "date": "2024-11-21T03:16:06.573000",
            "db": "NVD",
            "id": "CVE-2017-16250"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-172"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitel ST 14.2 Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012963"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-172"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-1993

    Vulnerability from variot - Updated: 2024-11-23 23:05

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1993",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "connect onsite",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "mitel",
            "version": "r1711-prem"
          },
          {
            "model": "st14.2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "ga28"
          },
          {
            "model": "st 14.2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitel",
            "version": "ga28"
          },
          {
            "model": "connect onsite",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "r1711-prem"
          },
          {
            "model": "st14.2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "ga28"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5781"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitel:connect_onsite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitel:st14.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          }
        ]
      },
      "cve": "CVE-2018-5781",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-5781",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-5781",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-5781",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5781",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-536",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5781",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5781"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5781"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5781"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5781"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5781",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002797",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-536",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5781",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5781"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5781"
          }
        ]
      },
      "id": "VAR-201803-1993",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3927273
      },
      "last_update_date": "2024-11-23T23:05:09.324000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "18-0004-001",
            "trust": 0.8,
            "url": "https://www.mitel.com/sites/default/files/Security-Bulletin-18-0004-001v1.0-2018-03-06.pdf"
          },
          {
            "title": "18-0004",
            "trust": 0.8,
            "url": "https://www.mitel.com/mitel-product-security-advisory-18-0004"
          },
          {
            "title": "Mitel Connect ONSITE  and Mitel ST conferencing Fixes for component security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79185"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-536"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5781"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5781"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5781"
          },
          {
            "trust": 0.6,
            "url": "https://www.mitel.com/mitel-product-security-advisory-18-0004"
          },
          {
            "trust": 0.6,
            "url": "https://www.mitel.com/sites/default/files/security-bulletin-18-0004-001v1.0-2018-03-06.pdf"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/94.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5781"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5781"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5781"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5781"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5781"
          },
          {
            "date": "2018-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-536"
          },
          {
            "date": "2018-03-14T16:29:00.383000",
            "db": "NVD",
            "id": "CVE-2018-5781"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5781"
          },
          {
            "date": "2018-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-536"
          },
          {
            "date": "2024-11-21T04:09:22.973000",
            "db": "NVD",
            "id": "CVE-2018-5781"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-536"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitel Connect ONSITE and  ST 14.2 Code injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002797"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-536"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-1992

    Vulnerability from variot - Updated: 2024-11-23 22:52

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1992",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "connect onsite",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "mitel",
            "version": "r1711-prem"
          },
          {
            "model": "st14.2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "ga28"
          },
          {
            "model": "st 14.2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitel",
            "version": "ga28"
          },
          {
            "model": "connect onsite",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "r1711-prem"
          },
          {
            "model": "st14.2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "ga28"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-537"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5780"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitel:connect_onsite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitel:st14.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          }
        ]
      },
      "cve": "CVE-2018-5780",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-5780",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-5780",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-5780",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5780",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-537",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5780",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-537"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5780"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5780"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5780",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002796",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-537",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5780",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-537"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5780"
          }
        ]
      },
      "id": "VAR-201803-1992",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3927273
      },
      "last_update_date": "2024-11-23T22:52:11.034000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "18-0004-001",
            "trust": 0.8,
            "url": "https://www.mitel.com/sites/default/files/Security-Bulletin-18-0004-001v1.0-2018-03-06.pdf"
          },
          {
            "title": "18-0004",
            "trust": 0.8,
            "url": "https://www.mitel.com/mitel-product-security-advisory-18-0004"
          },
          {
            "title": "Mitel Connect ONSITE  and Mitel ST conferencing Fixes for component security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79186"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-537"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5780"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5780"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5780"
          },
          {
            "trust": 0.6,
            "url": "https://www.mitel.com/mitel-product-security-advisory-18-0004"
          },
          {
            "trust": 0.6,
            "url": "https://www.mitel.com/sites/default/files/security-bulletin-18-0004-001v1.0-2018-03-06.pdf"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/94.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-537"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5780"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5780"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-537"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5780"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5780"
          },
          {
            "date": "2018-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-537"
          },
          {
            "date": "2018-03-14T16:29:00.337000",
            "db": "NVD",
            "id": "CVE-2018-5780"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5780"
          },
          {
            "date": "2018-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-537"
          },
          {
            "date": "2024-11-21T04:09:22.830000",
            "db": "NVD",
            "id": "CVE-2018-5780"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-537"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitel Connect ONSITE and  ST 14.2 Code injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002796"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-537"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-1093

    Vulnerability from variot - Updated: 2024-11-23 22:30

    A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. Mitel ST 14.2 Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MitelST is a video conferencing product from Mitel, Canada. The conferencing component is one of the conferencing components. A security vulnerability exists in the conferencing component of MitelST14.2GA28 and earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1093",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "st14.2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "ga28"
          },
          {
            "model": "st 14.2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitel",
            "version": "release ga28"
          },
          {
            "model": "st ga28",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "14.2"
          },
          {
            "model": "st14.2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "ga28"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16251"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitel:st14.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          }
        ]
      },
      "cve": "CVE-2017-16251",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2017-16251",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2018-07893",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-16251",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-16251",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-16251",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-07893",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201711-173",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16251"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. Mitel ST 14.2 Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MitelST is a video conferencing product from Mitel, Canada. The conferencing component is one of the conferencing components. A security vulnerability exists in the conferencing component of MitelST14.2GA28 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-16251"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07893"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-16251",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012964",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-07893",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-173",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16251"
          }
        ]
      },
      "id": "VAR-201803-1093",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07893"
          }
        ],
        "trust": 0.9927273
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07893"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:30:29.201000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "18-0004-001",
            "trust": 0.8,
            "url": "https://www.mitel.com/sites/default/files/Security-Bulletin-18-0004-001v1.0-2018-03-06.pdf"
          },
          {
            "title": "18-0004",
            "trust": 0.8,
            "url": "https://www.mitel.com/mitel-product-security-advisory-18-0004"
          },
          {
            "title": "Patch for MitelSTconferencing Component File Upload Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/126133"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-434",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16251"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.2,
            "url": "https://www.mitel.com/mitel-product-security-advisory-18-0004"
          },
          {
            "trust": 1.0,
            "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16251"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16251"
          },
          {
            "trust": 0.6,
            "url": "https://www.mitel.com/sites/default/files/security-bulletin-18-0004-001v1.0-2018-03-06.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16251"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-07893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16251"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07893"
          },
          {
            "date": "2018-05-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          },
          {
            "date": "2017-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-173"
          },
          {
            "date": "2018-03-13T19:29:00.280000",
            "db": "NVD",
            "id": "CVE-2017-16251"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-07893"
          },
          {
            "date": "2018-05-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201711-173"
          },
          {
            "date": "2024-11-21T03:16:06.720000",
            "db": "NVD",
            "id": "CVE-2017-16251"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-173"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitel ST 14.2 Vulnerable to unlimited upload of dangerous types of files",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-012964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201711-173"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-1991

    Vulnerability from variot - Updated: 2024-11-23 22:17

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1991",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "connect onsite",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "mitel",
            "version": "r1711-prem"
          },
          {
            "model": "st14.2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mitel",
            "version": "ga28"
          },
          {
            "model": "st 14.2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "mitel",
            "version": "ga28"
          },
          {
            "model": "connect onsite",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "r1711-prem"
          },
          {
            "model": "st14.2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mitel",
            "version": "ga28"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-538"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5779"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mitel:connect_onsite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mitel:st14.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          }
        ]
      },
      "cve": "CVE-2018-5779",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-5779",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-5779",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-5779",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5779",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-538",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5779",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5779"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-538"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5779"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5779"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5779"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5779",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002795",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-538",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5779",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5779"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-538"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5779"
          }
        ]
      },
      "id": "VAR-201803-1991",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3927273
      },
      "last_update_date": "2024-11-23T22:17:36.961000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "18-0004-001",
            "trust": 0.8,
            "url": "https://www.mitel.com/sites/default/files/Security-Bulletin-18-0004-001v1.0-2018-03-06.pdf"
          },
          {
            "title": "18-0004",
            "trust": 0.8,
            "url": "https://www.mitel.com/mitel-product-security-advisory-18-0004"
          },
          {
            "title": "Mitel Connect ONSITE  and Mitel ST conferencing Fixes for component security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79187"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-538"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5779"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5779"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5779"
          },
          {
            "trust": 0.6,
            "url": "https://www.mitel.com/mitel-product-security-advisory-18-0004"
          },
          {
            "trust": 0.6,
            "url": "https://www.mitel.com/sites/default/files/security-bulletin-18-0004-001v1.0-2018-03-06.pdf"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/94.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5779"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-538"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5779"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5779"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-538"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5779"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5779"
          },
          {
            "date": "2018-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          },
          {
            "date": "2018-03-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-538"
          },
          {
            "date": "2018-03-14T16:29:00.257000",
            "db": "NVD",
            "id": "CVE-2018-5779"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5779"
          },
          {
            "date": "2018-05-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-538"
          },
          {
            "date": "2024-11-21T04:09:22.683000",
            "db": "NVD",
            "id": "CVE-2018-5779"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-538"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mitel Connect ONSITE and  ST 14.2 Code injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002795"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-538"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2018-5782 (GCVE-0-2018-5782)

    Vulnerability from nvd – Published: 2018-03-14 16:00 – Updated: 2024-08-05 05:47
    VLAI
    Summary
    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:47:55.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              },
              {
                "name": "46174",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46174/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twosevenzero/shoretel-mitel-rce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-24T18:27:48.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            },
            {
              "name": "46174",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46174/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twosevenzero/shoretel-mitel-rce"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-5782",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                },
                {
                  "name": "46174",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46174/"
                },
                {
                  "name": "https://github.com/twosevenzero/shoretel-mitel-rce",
                  "refsource": "MISC",
                  "url": "https://github.com/twosevenzero/shoretel-mitel-rce"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-5782",
        "datePublished": "2018-03-14T16:00:00.000Z",
        "dateReserved": "2018-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:47:55.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5781 (GCVE-0-2018-5781)

    Vulnerability from nvd – Published: 2018-03-14 16:00 – Updated: 2024-08-05 05:40
    VLAI
    Summary
    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:51.317Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T17:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-5781",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-5781",
        "datePublished": "2018-03-14T16:00:00.000Z",
        "dateReserved": "2018-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:40:51.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5780 (GCVE-0-2018-5780)

    Vulnerability from nvd – Published: 2018-03-14 16:00 – Updated: 2024-08-05 05:40
    VLAI
    Summary
    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:51.263Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T17:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-5780",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-5780",
        "datePublished": "2018-03-14T16:00:00.000Z",
        "dateReserved": "2018-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:40:51.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5779 (GCVE-0-2018-5779)

    Vulnerability from nvd – Published: 2018-03-14 16:00 – Updated: 2024-08-05 05:40
    VLAI
    Summary
    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:51.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T17:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-5779",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-5779",
        "datePublished": "2018-03-14T16:00:00.000Z",
        "dateReserved": "2018-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:40:51.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16251 (GCVE-0-2017-16251)

    Vulnerability from nvd – Published: 2018-03-13 19:00 – Updated: 2024-08-05 20:20
    VLAI
    Summary
    A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:20:05.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T17:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-16251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-16251",
        "datePublished": "2018-03-13T19:00:00.000Z",
        "dateReserved": "2017-10-31T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:20:05.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16250 (GCVE-0-2017-16250)

    Vulnerability from nvd – Published: 2018-03-13 19:00 – Updated: 2024-08-05 20:20
    VLAI
    Summary
    A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:20:05.315Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T17:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-16250",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-16250",
        "datePublished": "2018-03-13T19:00:00.000Z",
        "dateReserved": "2017-10-31T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:20:05.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5780 (GCVE-0-2018-5780)

    Vulnerability from cvelistv5 – Published: 2018-03-14 16:00 – Updated: 2024-08-05 05:40
    VLAI
    Summary
    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:51.263Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T17:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-5780",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-5780",
        "datePublished": "2018-03-14T16:00:00.000Z",
        "dateReserved": "2018-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:40:51.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5782 (GCVE-0-2018-5782)

    Vulnerability from cvelistv5 – Published: 2018-03-14 16:00 – Updated: 2024-08-05 05:47
    VLAI
    Summary
    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:47:55.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              },
              {
                "name": "46174",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46174/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/twosevenzero/shoretel-mitel-rce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-24T18:27:48.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            },
            {
              "name": "46174",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46174/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/twosevenzero/shoretel-mitel-rce"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-5782",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                },
                {
                  "name": "46174",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46174/"
                },
                {
                  "name": "https://github.com/twosevenzero/shoretel-mitel-rce",
                  "refsource": "MISC",
                  "url": "https://github.com/twosevenzero/shoretel-mitel-rce"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-5782",
        "datePublished": "2018-03-14T16:00:00.000Z",
        "dateReserved": "2018-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:47:55.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5779 (GCVE-0-2018-5779)

    Vulnerability from cvelistv5 – Published: 2018-03-14 16:00 – Updated: 2024-08-05 05:40
    VLAI
    Summary
    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:51.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T17:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-5779",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-5779",
        "datePublished": "2018-03-14T16:00:00.000Z",
        "dateReserved": "2018-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:40:51.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5781 (GCVE-0-2018-5781)

    Vulnerability from cvelistv5 – Published: 2018-03-14 16:00 – Updated: 2024-08-05 05:40
    VLAI
    Summary
    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:51.317Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T17:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-5781",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-5781",
        "datePublished": "2018-03-14T16:00:00.000Z",
        "dateReserved": "2018-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:40:51.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16250 (GCVE-0-2017-16250)

    Vulnerability from cvelistv5 – Published: 2018-03-13 19:00 – Updated: 2024-08-05 20:20
    VLAI
    Summary
    A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:20:05.315Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T17:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-16250",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-16250",
        "datePublished": "2018-03-13T19:00:00.000Z",
        "dateReserved": "2017-10-31T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:20:05.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16251 (GCVE-0-2017-16251)

    Vulnerability from cvelistv5 – Published: 2018-03-13 19:00 – Updated: 2024-08-05 20:20
    VLAI
    Summary
    A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:20:05.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T17:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-16251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-16251",
        "datePublished": "2018-03-13T19:00:00.000Z",
        "dateReserved": "2017-10-31T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:20:05.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }