Mitel Product Security Advisory 19-0001

Mitel MiVoice 6800 and 6900 SIP series phones weak authentication vulnerability

Advisory ID: 19-0001
Publish Date: 2019-03-19
Last Updated: 2019-03-19
Revision: 1.0

Summary

A vulnerability in the validation functionality for server certificates has been identified in Mitel MiVoice 6800 and 6900 SIP series phones, which could allow an attacker with a man-in-the-middle position to access sensitive information. Successful exploitation requires a primary compromise of the gateway or internal corporate networking and a man-in-the-middle position.

This vulnerability was privately reported to Mitel. At the time of publishing, Mitel is not aware of customers that have been impacted by this vulnerability.

Mitel recommends that customers with affected product versions update to the latest release.

Credit is given to Alexander Traud, an independent security researcher, for highlighting this issue and bringing it to our attention.

Affected Products

The following products have been identified as affected:

Product Name: Mitel MiVoice SIP 6863i, 6865i, 6867i, 6869i, 6873i, 6920, 6930, 6940
Product Versions: 5.1.0.1039 SP1 HF2 and earlier
Security Bulletin: 19-0001-001
Last Updated: 2019-03-19

Risk Assessment

The overall risk of this vulnerability is considered moderate to low for secure corporate networks.

Refer to the product Security Bulletin(s) for additional statements regarding risk.

Mitigation / Recommended Action

Customers are advised to deploy appropriate network security controls.

Mitel has issued new releases of the affected software. Customers are advised to update their software to the latest versions.

Customers are advised to review the product Security Bulletin. For additional information, contact Product Support.

External References

N/A

Related CVEs / CWEs / Advisories

N/A

Revision History

Version    Date          Description
1.0        2019-03-19    Initial version