Multiple Vulnerabilities in ImageMagick

Advisory ID: 16-0011
Publish Date: 2016-05-09
Revision: 1.2 (updated 2016-06-03)

Summary
Multiple vulnerabilities have been discovered in ImageMagick, an image framework used in some Mitel products. These vulnerabilities are collectively known as ImageTragick.

The following CVE IDs are associated with this vulnerability:

CVE-2016-3714
CVE-2016-3715
CVE-2016-3716
CVE-2016-3717
CVE-2016-3718

Detailed Description

According to the Vulnerability Summaries for the aforementioned CVEs, the identified vulnerabilities potentially allow for the execution of arbitrary code or shell commands, server-side forgery (SSRF) attacks, or unauthorized access and manipulation of image files.

As per the ImageTragick page,

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick.

ImageMagick is included in Mitel Standard Linux (MSL) and may be included in other Mitel products. Only those products using the ImageMagic package are potentially vulnerable.

These vulnerabilities have varied levels of risk. CVE-2016-3714 has a CVSS v2 score of 10.0 (high).

Affected Products

The following products have been identified as being affected and vulnerable (updated 2016-06-03):

Product Name  Product Versions
 Security Bulletin  Last Updated 
MiCollab NPM  

MiCollab 6.0.205.0  
(NPM 7 SP2; 17.2.0.3) 

MiCollab 7.1.0.55  
(NPM 8 SP1; 18.1.0.23)

 16-0011-003 2016-06-02 
MiVoice5000   5.4, 6.1, 6.2   16-0011-001  2016-06-02 
MiVoice5000 Compact   5.4, 6.1, 6.2 16-0011-001  2016-06-02 
MiVoice5000 Manager   2.4, 3.1, 3.2   16-0011-001  2016-06-02 
NuPoint  NPM 7 SP2 (17.2.0.3) 
NPM 8 SP1 (18.1.0.23) 		 16-0011-002   2016-06-02 

 

Products not Affected

The following products are not vulnerable as they do not include ImageMagick (updated 2016-05-12):

Product Name  Versions 
3250  All 
5300 series digital  All 
5550 IP Console  All 
6700i, 6800i (Praxis) Series SIP Phones  All
9000i Series (9480i, 9143i, 9133i, 9112i) SIP Phones   All 
Aastra 1560ip  All 
Aastra 2380ip  All 
Aastra 5300ip  All 
BluStar 8000i  All 
BluStar Client (PC)  All 
BluStar Server  All 
Centergy Virtual Contact Center  All 
Clearspan (Acme Packet Core SBC)
 All 
Clearspan (AudioCodes eSBC / Gateway)  All 
Clearspan (Broadworks Platform)
 All 
Clearspan (Edgewater eSBC)  All 
CMG All 
CPU2 / CPU2-S on Mitel 470 Controller  All 
CT Gateway  All 
D.N.A. Application Suite  All 
DECToverIP (Mitel 100 | OpenCom 100)  All 
DECToverIP (OC1000)  All 
ER Adviser  All 
InAttend  All 
MiCollab Client (Desktop/Web)  All 
MiContact Center Business  All 
MiContact Center Enterprise 9.1  All 
MiContact Center for Microsoft Lync
 All 
MiContact Center Solidus 9.0 SP1
 All 
Mitel 700 (5.x SPX)
 All 
Mitel 800  All 
Mitel Alarm Server All 
Mitel100/OpenComX320  All 
Mitel5000 Gateway  All 
MiVoice Business - MCD (PPC)  All 
MiVoice Business Console  All 
MiVoice Call Accounting  All 
MiVoice IP Phones 53xx, 5540 All
MiVoice IP Phones 5560, 5505  All 
MiVoice Office 250 (Mitel 5000)  All 
MiVoice Office 400  All 
MiVoice MX-ONE Provisioning Manager  (6.x SPX)  All 
MiVoice MX-ONE SaaS Express or Express  (6.x SPX)
 All 
MX-ONE Manager Provisioning 5.0 SPX  All 
MX-ONE Manager Telephony Server 5.0 SPX  All 
MX-ONE Telephony Server 5.0 SPX
 All 
Open Interfaces Platform (OIP, OIP WebAdmin)  All 
OpenCom 1000 family  All 
OpenPhone 7x IP  All 
PointSpan  All 
Redirection and Configuration Service (RCS)  All 
S850i (Revolabs OEM)
 All 
Secure IP Remote Management SRM  All 
SIP-DECT  All 
SIP-DECT Open Mobility Manager  All 
SIP-DECT with Cloud-ID  All 
Solidus eCare 8.3 SP4  All 
Telephony Switch (TSW)
 All 
Telepo  All 

 

The following products are not vulnerable as they do not use ImageMagick (updated 2016-05-13):

Product Name
 Versions 
MiCollab (MAS) / (SAS) / vMAs  All 
MiCollab (MCA)  All 
MiCollab Client Server  All 
Mitel 700  All 
Mitel Standard Linux (MSL)  All 
MiVoice Border Gateway(MBG)  All 
MiVoice Business - MCD for ISS   All 
MiVoice Business - MXe Server  All 
MiVoice Business Express   All 
MiVoice Office 400 Virtual Appliance  All 
MiMXL  All 
Multi-Instance Communications Director (MiCD)  All 
MiVoice MX-ONE Provisioning Manager  6.x SPX 
MiVoice MX-ONE SaaS Express or Express  6.x SPX 
MX-ONE Service Node  6.x SPX 
MX-ONE Service Node Manager  6.x SPX 
MX-ONE Media Server   6.x SPX 
OIG  All 
Oria  All 
Virtual MiVoice Communications Director (vMCD)  All 

Products Under Investigation

Mitel continues to investigate these vulnerabilities to determine affected products and risk. This security advisory will be updated during the course of the investigation as details become available.

External References

https://imagetragick.com

Related CVEs / Advisories

CVE-2016-3714
CVE-2016-3715
CVE-2016-3716
CVE-2016-3717
CVE-2016-3718




Stay One Step Ahead

Ready to talk to sales? Contact us.
Find a Partner +44 1291 430 000 Email Us