OpenSSL Vulnerabilities in MiCollab Desktop Applications

Advisory ID: 17-0008
Publish Date: 2017-06-05
Revision: 1.0


Vulnerabilities related to older versions of OpenSSL have been identified in certain MiCollab Applications running for use on the Microsoft Windows platform.

Detailed Description

MiCollab Desktop client, MiVoice for Lync and MiVoice for Skype for Business SIP softphone use a 3rd party OpenSSL library to provide cryptographic services for secured communications. Security scans may report that the SIP services of these products are vulnerable to OpenSSL vulnerabilities, including Heartbleed (CVE-2014-0160) and SWEET32 (CVE-2016-2183) are present in the affected products.

Affected Products

Security Bulletins are being issued for the following products:

Product Name Product Versions Security Bulletin Last Updated 
 MiCollab Desktop client MiCollab 6.0  17-0008-001
MiCollab Desktop client MiCollab 7.0, 7.1, 7.2,
 MiVoice for Lync    
 MiVoice for Skype For Business,,,     


Risk Assessment

The risk associated with these vulnerabilities in the noted products is considered low-to-moderate. 

Refer to product Security Bulletins for additional statements regarding risk.

Mitigation / Recommended Action

Mitel has issued new releases of the affected software applications.  Customers are advised to update their software to the latest versions. 

Refer to the Security Bulletin for more information.

External References

Related CVEs / CWEs / Advisories


Ready to talk to sales? Contact us.