Mitel ST 14.2 Conferencing Component Arbitrary Code Execution Vulnerability
CVE-2017-16251 · HIGH Severity
AV:N/AC:L/AU:S/C:C/I:C/A:C
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
Learn more about our User Device Pen Test.