Advisory ID: 17-0006
Publish Date: 2017-06-05
Revision: 1.0
Summary
A vulnerability has been identified that allows unauthorized actors to access other users’ MiCollab Client accounts.
Detailed Description
The vulnerability is associated with the use of unsupported legacy MiCollab Mobile Clients and a newer MiCollab server. This issue only affects MiCollab deployments where authentication is provided by Active Directory.
Solutions are available to mitigate the risk from potential misuse of existing legacy MiCollab Mobile clients.
Affected Products
Security Bulletins are being issued for the following products:
Product Name | Product Versions | Security Bulletin | Last Updated
MiCollab | 7.3.1, 7.3, 7.2.2, 7.2.1 | 17-0006-001 | 2017-06-05
Risk Assessment
This vulnerability is high risk and has been assigned a CVSS v2 Base Score of 9.0.
Successfully exploiting this vulnerability will allow a threat actor to perform a limited denial of service and to gain access to a user’s MiCollab Client account and all resources authorized for that user, including Voice Mail, Call History and directory information.
Refer to product Security Bulletins for additional statements regarding risk.
Mitigation / Recommended Action
Mitigations are documented in the associated Security Bulletin. Customers are advised to patch or update their installations of MiCollab where Active Directory is used.
Refer to the associated Security Bulletin for solution information.
External References
n/a
Related CVEs / CWEs / Advisories
CWE-306
CWE-862