LOGIN PORTAL
Americas
Europe
Oceania
Business Phone Systems
Collaboration
Contact Center
Phones & Accessories
Apps & Developers
Your Business Need
Your Industry
Your Business Size
Our Services
Our Products
Blog
About Mitel
Careers
Customer Success
Resource Center
Location: United Kingdom
Advisory ID: 16-0009
Publish Date: 2016-03-18
Revision: 1.0
Summary
Authentication bypass vulnerabilities have been identified on the MiVoice Office 250 (formerly Mitel 5000).
Detailed Description
The discovered vulnerabilities allow unauthorized access to system functions, including user management. Instances of toll-fraud, resulting from these vulnerabilities have been identified.
Due to the attack vector, other negative side-effects are conceivable.
Mitel is recommending customers with affected product versions to update to an unaffected release and take additional precautions.
Affected Products
The following products have been identified as affected:
Product Name | Product Versions | Security Bulletin | Last Updated |
MiVoice Office 250 | 6.1 | 16-0009-001 | 2016-03-18 |
Mitel 5000 | 6.0 | 16-0009-001 | 2016-03-18 |
Risk Assessment
Mitel has rated the risk of this vulnerability as High.
Refer to the product Security Bulletin for CVSS scoring and additional statements of risk.
Mitigation / Recommended Action
Customers are advised to update MiVoice Office 250 to an unaffected version of software as soon as possible, and take additional precautions to secure their installation.
Refer to the product Security Bulletin for additional recommendations.
External References
n/a
Related CVEs / Advisories
n/a