Description
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004
Scores
CVSS v3
8.8
EPSS
0.0144
EPSS Percentile
80.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
mitel/st14.2
< ga28
Published
Mar 13, 2018
Tracked Since
Feb 18, 2026