Mitel Product Security Advisory 16-0011

Multiple Vulnerabilities in ImageMagick

Advisory ID: 16-0011
Publish Date: 2016-05-09
Revision: 1.2 (updated 2016-06-03)

Summary

Multiple vulnerabilities have been discovered in ImageMagick, an image framework used in some Mitel products. These vulnerabilities are collectively known as ImageTragick.

The following CVE IDs are associated with these vulnerabilities:

  • CVE-2016-3714
  • CVE-2016-3715
  • CVE-2016-3716
  • CVE-2016-3717
  • CVE-2016-3718

Detailed Description

According to the Vulnerability Summaries for the aforementioned CVEs, the identified vulnerabilities potentially allow for the execution of arbitrary code or shell commands, server-side request forgery (SSRF) attacks, or unauthorized access and manipulation of image files.

As per the ImageTragick page:

"There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

"A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick."

ImageMagick is included in Mitel Standard Linux (MSL) and may be included in other Mitel products. Only those products using the ImageMagick package are potentially vulnerable.

These vulnerabilities have varied levels of risk. CVE-2016-3714 has a CVSS v2 score of 10.0 (high).

Affected Products
The following products have been identified as being affected and vulnerable (updated 2016-06-03):

| Product Name | Product Versions | Security Bulletin | Last Updated |
|---|---|---|---|
| MiCollab NPM | MiCollab 6.0.205.0 (NPM 7 SP2; 17.2.0.3), MiCollab 7.1.0.55 (NPM 8 SP1; 18.1.0.23) | 16-0011-003 | 2016-06-02 |
| MiVoice5000 | 5.4, 6.1, 6.2 | 16-0011-001 | 2016-06-02 |
| MiVoice5000 Compact | 5.4, 6.1, 6.2 | 16-0011-001 | 2016-06-02 |
| MiVoice5000 Manager | 2.4, 3.1, 3.2 | 16-0011-001 | 2016-06-02 |
| NuPoint | NPM 7 SP2 (17.2.0.3), NPM 8 SP1 (18.1.0.23) | 16-0011-002 | 2016-06-02 |


Products not Affected
The following products are not vulnerable as they do not include ImageMagick (updated 2016-05-12):

| Product Name | Versions |
|---|---|
| 3250 | All |
| 5300 series digital | All |
| 5550 IP Console | All |
| 6700i, 6800i (Praxis) Series SIP Phones | All |
| 9000i Series (9480i, 9143i, 9133i, 9112i) SIP Phones | All |
| Aastra 1560ip | All |
| Aastra 2380ip | All |
| Aastra 5300ip | All |
| BluStar 8000i | All |
| BluStar Client (PC) | All |
| BluStar Server | All |
| Centergy Virtual Contact Center | All |
| Clearspan (Acme Packet Core SBC) | All |
| Clearspan (AudioCodes eSBC / Gateway) | All |
| Clearspan (Broadworks Platform) | All |
| Clearspan (Edgewater eSBC) | All |
| CMG | All |
| CPU2 / CPU2-S on Mitel 470 Controller | All |
| CT Gateway | All |
| D.N.A. Application Suite | All |
| DECToverIP (Mitel 100 \| OpenCom 100) | All |
| DECToverIP (OC1000) | All |
| ER Adviser | All |
| InAttend | All |
| MiCollab Client (Desktop/Web) | All |
| MiContact Center Business | All |
| MiContact Center Enterprise 9.1 | All |
| MiContact Center for Microsoft Lync | All |
| MiContact Center Solidus 9.0 SP1 | All |
| Mitel 700 (5.x SPX) | All |
| Mitel 800 | All |
| Mitel Alarm Server | All |
| Mitel100/OpenComX320 | All |
| Mitel5000 Gateway | All |
| MiVoice Business - MCD (PPC) | All |
| MiVoice Business Console | All |
| MiVoice Call Accounting | All |
| MiVoice IP Phones 53xx, 5540 | All |
| MiVoice IP Phones 5560, 5505 | All |
| MiVoice Office 250 (Mitel 5000) | All |
| MiVoice Office 400 | All |
| MiVoice MX-ONE Provisioning Manager (6.x SPX) | All |
| MiVoice MX-ONE SaaS Express or Express (6.x SPX) | All |
| MX-ONE Manager Provisioning 5.0 SPX | All |
| MX-ONE Manager Telephony Server 5.0 SPX | All |
| MX-ONE Telephony Server 5.0 SPX | All |
| Open Interfaces Platform (OIP, OIP WebAdmin) | All |
| OpenCom 1000 family | All |
| OpenPhone 7x IP | All |
| PointSpan | All |
| Redirection and Configuration Service (RCS) | All |
| S850i (Revolabs OEM) | All |
| Secure IP Remote Management SRM | All |
| SIP-DECT | All |
| SIP-DECT Open Mobility Manager | All |
| SIP-DECT with Cloud-ID | All |
| Solidus eCare 8.3 SP4 | All |
| SX-200 ICP | All |
| Telephony Switch (TSW) | All |
| Telepo | All |

The following products are not vulnerable as they do not use ImageMagick (updated 2016-05-13):

| Product Name | Versions |
|---|---|
| MiCollab (MAS) / (SAS) / vMAs | All |
| MiCollab (MCA) | All |
| MiCollab Client Server | All |
| Mitel 700 | All |
| Mitel Standard Linux (MSL) | All |
| MiVoice Border Gateway (MBG) | All |
| MiVoice Business - MCD for ISS | All |
| MiVoice Business - MXe Server | All |
| MiVoice Business Express | All |
| MiVoice Office 400 Virtual Appliance | All |
| MiMXL | All |
| Multi-Instance Communications Director (MiCD) | All |
| MiVoice MX-ONE Provisioning Manager | 6.x SPX |
| MiVoice MX-ONE SaaS Express or Express | 6.x SPX |
| MX-ONE Service Node | 6.x SPX |
| MX-ONE Service Node Manager | 6.x SPX |
| MX-ONE Media Server | 6.x SPX |
| OIG | All |
| Oria | All |
| Virtual MiVoice Communications Director (vMCD) | All |


Products Under Investigation

Mitel continues to investigate these vulnerabilities to determine affected products and risk. This security advisory will be updated during the course of the investigation as details become available.

External References

https://imagetragick.com

Related CVEs / Advisories

CVE-2016-3714
CVE-2016-3715
CVE-2016-3716
CVE-2016-3717
CVE-2016-3718