Mitel Security Vulnerabilities (CVEs)
Track 31 security vulnerabilities affecting Mitel products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
An unauthenticated cross-site scripting (XSS) vulnerability in Mitel's Multimedia Email component allows attackers to execute arbitrary scripts in vic...
Jan 15, 2026An authentication bypass vulnerability in Mitel MiVoice MX-ONE Provisioning Manager allows unauthenticated attackers to gain unauthorized access to us...
Jan 15, 2026This vulnerability allows authenticated attackers to execute arbitrary commands on Mitel MiCollab systems through command injection in the Web Confere...
Oct 21, 2024This vulnerability allows unauthenticated attackers to perform path traversal attacks on Mitel MiCollab's NuPoint Unified Messaging component. Attacke...
Oct 21, 2024A CRLF injection vulnerability in Mitel MiCollab AWV component allows unauthenticated attackers to manipulate URLs to conduct phishing attacks. This a...
Oct 21, 2024This vulnerability allows authenticated administrators in Mitel MiCollab web conferencing to inject malicious scripts that execute in other users' bro...
Oct 21, 2024This vulnerability allows unauthenticated attackers to execute arbitrary commands on Mitel MiCollab systems running vulnerable NuPoint Messenger versi...
Oct 21, 2024This vulnerability allows authenticated administrators in Mitel MiCollab's NuPoint Messenger component to escalate privileges and execute arbitrary co...
Oct 21, 2024This critical vulnerability in Mitel MiCollab Desktop Client and MiVoice Business SVI allows unauthenticated attackers to execute arbitrary commands t...
Oct 21, 2024This vulnerability allows authenticated administrators in Mitel MiCollab to conduct SQL injection attacks due to insufficient input validation. Succes...
Oct 21, 2024The Mitel MiCollab AWV component has an SQL injection vulnerability in its API interface that allows unauthenticated attackers to execute arbitrary SQ...
Oct 21, 2024This critical SQL injection vulnerability in Mitel MiCollab's AWV component allows unauthenticated attackers to execute arbitrary SQL commands. Attack...
Oct 21, 2024An unauthenticated attacker can exploit inadequate access controls in Mitel MiContact Center Business's legacy chat component to access sensitive info...
Oct 1, 2024This vulnerability allows authenticated attackers to bypass authorization controls in Mitel MiVoice MX-ONE's provisioning manager. Attackers could gai...
Aug 13, 2024This vulnerability allows authenticated attackers with administrative privileges on Mitel SIP phones to execute arbitrary system commands through argu...
Aug 12, 2024This CVE describes a command injection vulnerability in Mitel 6869i devices that allows authenticated attackers to execute arbitrary shell commands wi...
Jun 9, 2024This vulnerability allows unauthenticated attackers to execute reflected cross-site scripting (XSS) attacks against users of Mitel MiContact Center Bu...
May 29, 2024CVE-2024-28066 is a hardcoded credential vulnerability in Unify CP IP Phone firmware that allows attackers to gain root access using a known default p...
Apr 8, 2024An unauthenticated attacker can exploit an improper configuration in Mitel MiContact Center Business's legacy chat component to access sensitive infor...
Mar 16, 2024This vulnerability allows authenticated attackers to upload malicious files to Atos Unify OpenScape Xpressions WebAssistant, leading to remote code ex...
Feb 8, 2024This vulnerability allows attackers to perform path traversal attacks on Atos Unify OpenScape Xpressions WebAssistant V7 systems. Attackers can potent...
Feb 8, 2024This vulnerability in Mitel MiVoice Connect's Connect Mobility Router allows unauthenticated attackers to conduct account enumeration attacks due to i...
Aug 25, 2023This critical command injection vulnerability in MiVoice Office 400 SMB Controller allows attackers to execute arbitrary system commands with the priv...
Aug 14, 2023This vulnerability allows an unauthenticated attacker with internal network access to execute arbitrary scripts on Mitel MiVoice Connect systems due t...
Aug 14, 2023This vulnerability allows authenticated attackers with internal network access to execute arbitrary commands on MiVoice Connect systems through comman...
May 24, 2023This vulnerability in Mitel MiContact Center Business server allows unauthenticated attackers to download arbitrary files from the system by manipulat...
Feb 13, 2023CVE-2022-29499 is a critical remote code execution vulnerability in Mitel MiVoice Connect's Service Appliance component due to improper input validati...
Apr 26, 2022This vulnerability in Mitel MiContact Center Business allows unauthenticated attackers to view and modify user data without authorization due to impro...
Aug 13, 2021CVE-2021-32071 is a critical vulnerability in Mitel MiCollab Client service that allows unauthenticated attackers to bypass access controls. This enab...
Aug 13, 2021This directory traversal vulnerability in Mitel MiContact Center Enterprise allows attackers to bypass access controls and access restricted files/fol...
Mar 29, 2021This vulnerability in Mitel MiCollab's NuPoint Messenger allows unauthenticated attackers to view and modify user data through a library index page. I...
Jan 29, 2021Why Monitor Mitel Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 31+ known vulnerabilities affecting Mitel products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Mitel packages in under 60 seconds. No agents required - completely agentless scanning that works across Mitel deployments.
Free vulnerability database: Access detailed information about every Mitel CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Mitel CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
