Mitel Audio And Web Conferencing (AWC) Remote Arbitrary Shell Command Injection Vulnerability Network Vulnerability

Summary

Mitel Audio and Web Conferencing (AWC) is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.

Solution

The reporter indicates that updates are available Symantec has not confirmed this. Please see the references for details.

References

http://www.mitel.com/DocController?documentId=26451
http://www.securityfocus.com/archive/1/515403
https://www.securityfocus.com/bid/45537

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
ASP-Dev XM Event Diary Multiple Vulnerabilities
Artifectx xClassified 'catid' SQL Injection Vulnerability
Agora CGI Cross Site Scripting
Arkeia Appliance Path Traversal Vulnerability

Mitel Audio and Web Conferencing (AWC) Remote Arbitrary Shell Command Injection Vulnerability

Take action and discover your vulnerabilities