Mitel Product Security Advisory 15-0007

Security Advisory for MiCC

Advisory ID: 15-0007

Publish Date: 2015-11-04

Revision: 1.0

Summary

MiCC does not modify the Microsoft IIS configuration during application installation. Without additional Microsoft IIS hardening, two vulnerabilities are present in CcmWeb which, if successfully exploited, could allow an attacker to read files or perform HTTP redirects.

Detailed Description

CcmWeb Unauthenticated Local File Inclusion

CcmWeb allows access to any file on the install drive using specially formulated URLs. This vulnerability could allow an attacker read access to any file located on the same drive as the MiCC install drive. The attacker must know the file structure and cannot list directories to discover it. The attacker cannot modify any files by exploiting this vulnerability.

CcmWeb open redirect

This vulnerability could allow an attacker to trick a user into navigating to an outside malicious web page by sending them a link.

Affected Products

The following products have been identified as affected:

Product Name     Product Versions     Security Bulletin     Last Updated
MiCC (CcmWeb)    7.x and earlier      15-0007-001           2015-11-04

Risk Assessment

Refer to the Security Bulletin 15-0007-001 for additional statements regarding risk.

Mitigation / Recommended Action

Security Bulletin 15-0007-001 provides guidance on how to reconfigure Microsoft IIS to mitigate these vulnerabilities. Customers are advised to update to MiCC version 8.0, when released, which implements additional measures that do not rely on Microsoft IIS security controls.

External References

Credit to 7 Elements for discovery and solution verification (https://www.7elements.co.uk).

Related CVEs / Advisories

https://www.7elements.co.uk/resources/technical-advisories/mitel-ccmweb-lfi/
https://www.7elements.co.uk/resources/technical-advisories/mitel-openredirect/