Mitel Product Security Advisory 16-0016

MiCollab Desktop Client Bypasses Windows Firewall

Advisory ID: 16-0016
Publish Date: 2016-11-04
Revision: 1.0

Summary

A vulnerability in the 64-bit version of the MiCollab Desktop Client Web Portal service allows bypass of the host’s Windows firewall.

Detailed Description

MiCollab Desktop Client interfaces with Microsoft Outlook for calendar and contacts information. The Desktop Client uses this information to manage statuses based on calendar information and to use local Outlook contacts in the contact directory.

The MiCollab Desktop Client creates a Windows Firewall policy to allow interaction between itself and Microsoft Outlook. On 64-bit machines, this policy inadvertently opens a vulnerability whereby programs and services can bypass firewall policies.

Affected Products

The following products were identified as affected:

Product Name: MiCollab DT Client (64-bit version)
Product Versions: v7.x, v6.x
Security Bulletin: 16-0016-001
Last Updated: 2016-11-04

Risk Assessment

This vulnerability has been assessed as having a CVSS v2 Base Score of 6.0 with moderate risk. An attacker would have to have access to the system or network to realize any potential benefit from the exploitation of this vulnerability.

Mitigation / Recommended Action

There is no specific mitigation for the vulnerability. Customers are advised to apply updates available for affected versions of the software. Refer to the Security Bulletin for more information.

External References

http://cwe.mitre.org/data/definitions/264.html

Related CVEs / CWEs / Advisories

CWE-264