Mitel Product Security Advisory 16-0009

Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000

Advisory ID: 16-0009
Publish Date: 2016-03-18
Revision: 1.0

Summary

Authentication bypass vulnerabilities have been identified on the MiVoice Office 250 (formerly Mitel 5000).

Detailed Description

The discovered vulnerabilities allow unauthorized access to system functions, including user management. Instances of toll-fraud, resulting from these vulnerabilities have been identified.
Due to the attack vector, other negative side-effects are conceivable. 

Mitel is recommending customers with affected product versions to update to an unaffected release and take additional precautions.

Affected Products

The following products have been identified as affected:

Product Name Product Versions Security Bulletin Last Updated
MiVoice Office 250 6.1 16-0009-001 2016-03-18
Mitel 5000 6.0 16-0009-001 2016-03-18

Risk Assessment

Mitel has rated the risk of this vulnerability as High.

Refer to the product Security Bulletin for CVSS scoring and additional statements of risk.

Mitigation / Recommended Action

Customers are advised to update MiVoice Office 250 to an unaffected version of software as soon as possible, and take additional precautions to secure their installation.
Refer to the product Security Bulletin for additional recommendations.

External References

n/a

Related CVEs / Advisories

n/a