Mitel Product Security Advisory 16-0018

MiCollab Client Web Portal Call Service Vulnerability

Advisory ID: 16-0018
Publish Date: 2016-11-04
Revision: 1.0

Summary

A vulnerability in the MiCollab Client Web Portal service has been identified, allowing authenticated users to place calls using a different user’s account.

Credit is given to Michiel Singor for the discovery.

Detailed Description

The call service accepts both the originating party (source) and the destination as parameters of the POST request, and it does not verify that the supplied source belongs to the authenticated user. Any authenticated user can therefore place a call that originates from another user's account.

The flaw is reachable through both interfaces. Over the REST interface, an authenticated user can submit the request with a tool such as curl, passing their own credentials in the Authorization header. Over the SOAP interface, a tool such as SoapUI can be used with a valid username and password.
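The following is an added illustration of the access-control pattern described above, not code from the advisory or from Mitel: a call-placement handler that reads the originating party from the POST body and never checks it against the authenticated principal, beside a corrected handler that binds the originating party to the session. It also includes a retrospective check over constructed log lines. The field names, log format and user names are assumptions made for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """Principal the server established from the Authorization header (REST)
    or from the user/password in the SOAP binding. It is the only identity in
    the request that the server can trust."""
    user: str


class Forbidden(Exception):
    """Raised when a request tries to act on another user's account."""


def place_call_vulnerable(session: Session, body: dict) -> dict:
    """Vulnerable pattern (hypothetical handler): the originating party
    ("source") is taken from the POST body and never compared with the
    authenticated principal, so any logged-in user can originate a call
    from, and have it charged to, any other account."""
    return {
        "from": body["source"],
        "to": body["destination"],
        "charged_to": body["source"],
        "requested_by": session.user,
    }


def place_call_fixed(session: Session, body: dict) -> dict:
    """Hardened pattern: the originating party is bound to the session
    principal. A client-supplied source is accepted only when it matches the
    authenticated user; otherwise the request is rejected before any call is
    set up."""
    requested_source = body.get("source")
    if requested_source is not None and requested_source != session.user:
        raise Forbidden(
            f"user {session.user!r} may not place calls as {requested_source!r}"
        )
    return {
        "from": session.user,
        "to": body["destination"],
        "charged_to": session.user,
        "requested_by": session.user,
    }


# Constructed sample log lines in a hypothetical format, used to show a
# retrospective check on an unpatched system: flag every call whose
# originating account differs from the authenticated account that submitted it.
SAMPLE_LOG = """\
2016-11-01T09:12:03Z call_service auth_user=alice source=alice dest=+15550100
2016-11-01T09:13:44Z call_service auth_user=mallory source=bob dest=+19005550199
2016-11-01T09:15:10Z call_service auth_user=bob source=bob dest=+15550123
2016-11-01T09:16:52Z call_service auth_user=mallory source=carol dest=+19005550177
"""

_LINE = re.compile(
    r"^(?P<ts>\S+) call_service auth_user=(?P<auth>\S+) "
    r"source=(?P<src>\S+) dest=(?P<dst>\S+)$"
)


def find_impersonated_calls(log_text: str) -> list:
    """Return the call records where the authenticated user and the
    originating account differ; these are the candidates for account misuse
    and toll fraud."""
    hits = []
    for line in log_text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # skip unrelated or malformed lines
        if m["auth"] != m["src"]:
            hits.append({"ts": m["ts"], "auth_user": m["auth"],
                         "source": m["src"], "dest": m["dst"]})
    return hits


if __name__ == "__main__":
    attacker = Session("mallory")
    body = {"source": "bob", "destination": "+19005550199"}
    print("vulnerable:", place_call_vulnerable(attacker, body))
    try:
        place_call_fixed(attacker, body)
    except Forbidden as err:
        print("fixed:", err)
    for hit in find_impersonated_calls(SAMPLE_LOG):
        print("suspicious:", hit)
```

The fix is deliberately not "strip the source field and trust the rest": the handler derives the originating party from the session and treats a mismatching client value as an error, so an attempt to impersonate another account is rejected and can be logged rather than silently corrected.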

Affected Products

The following products were identified as affected:

Product Name   Product Versions      Security Bulletin   Last Updated
MiCollab       6.0 SP1 and earlier   n/a                 2016-11-04

Risk Assessment

This vulnerability has been assessed as low risk, with a CVSS v2 base score of 4.9. An attacker needs a valid account on the system to misuse the call service; with one, calls can be placed from another user's account, which enables toll fraud.

CVSS v2.0 OVERALL SCORE: 4.9
CVSS v2.0 VECTOR: AV:N/AC:M/Au:S/C:P/I:P/A:N
CVSS BASE SCORE: 4.9 
CVSS TEMPORAL SCORE: not provided
CVSS ENVIRONMENTAL SCORE: not provided
OVERALL RISK LEVEL: Low


Mitigation / Recommended Action

This issue has been corrected in vMAS 7.2.0.5 and vUCA 7.2.0.33. Until they upgrade, administrators of older product versions should ensure that only trusted users are granted permission to use the affected MiCollab applications.

External References

https://cwe.mitre.org/data/definitions/284.html


Related CVEs / CWEs / Advisories

CWE-284