Mitel ST 14.2 Conferencing Component Arbitrary Code Execution Vulnerability

Mitel ST 14.2 Conferencing Component Arbitrary Code Execution Vulnerability

CVE-2017-16251 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.

Learn more about our User Device Pen Test.