Mitel Product Security Advisory 22-0005

MiVoice Business, MiVoice Business Express Buffer Overflow Vulnerability

Advisory ID: 22-0005

Publish Date: 2022-06-08

Last Updated: 2022-06-08

Revision: 1.0

 

Summary

A buffer overflow vulnerability has been identified in the management interface of MiVoice Business and MiVoice Business Express which could allow arbitrary code execution.

This vulnerability was privately reported to Mitel.

Mitel is recommending customers with affected product versions apply the available remediation.

Credit is given to Exodus Intelligence (exodusintel.com) for highlighting the issue and bringing to our attention.

 

Affected Products

 

Risk Assessment

The risk of this vulnerability is rated as Critical for systems deployed with external access to the management interface. The risk is rated as High for systems where access to the management interface is restricted to protected networks.

Refer to the product Security Bulletin for additional statements regarding risk.

 

Mitigation / Recommended Action

The risk may be mitigated by restricting network access to the management interface to only trusted sources.

Mitel has issued a new release of MiVoice Business as well as scripts for remediation. Customers are advised to apply the available remediation.

Customers are advised to review the product Security Bulletin ID: 22-0005-001. For additional information, contact Product Support.

 

Related CVEs / CWEs / Advisories

CVE-2022-31784

 

Revision History

Version Date Description
1.0 2022-06-08 Initial Version
Prêt à discuter ? Contactez-nous.