Weakness in Diffie-Hellman key exchange / Logjam

Advisory ID: 15-0004
Publish Date: 2015-07-31
Updated: 2015-09-29
Revision: v1.4

Summary

Security researchers have uncovered a vulnerability in many implementations of the Diffie-Hellman key exchange protocol, a widely-used method for securely negotiating an encrypted communication channel. In some situations, it would be feasible for a motivated attacker to read or modify the contents of an encrypted connection. The vulnerability is commonly known as “Logjam” and has been assigned two key CVE identifiers:

Mitel has assessed the impact to products in our portfolio. This advisory summarizes the status of the investigation.

Detailed Description

Diffie-Hellman is a commonly used protocol for allowing two sides of a conversation to choose encryption keys without transmitting those keys across the network. According to the findings published on https://weakdh.org, websites, mail servers, and other TLS-dependent services that use Diffie-Hellman Ephemeral (DHE) and allow for DHE_EXPORT to use 512-bit DH keys are affected. Elliptic-Curve implementations of Diffie-Hellman (ECDH) are reported as not being vulnerable.

An adversary positioned as a “man-in-the-middle” could use the Logjam vulnerability to read and modify data passed over the connection.

Affected Products

The following products are confirmed to be affected:

Product Name  Versions  Security Bulletin
Last Updated
Mitel 100/OpenComX320
11.x - 12.0
15-0004-001
2015-07-31 
Mitel 800
11.x - 12.0

15-0004-002 
2015-07-31 
MiCollab AWV
6.0.205.0 and earlier
15-0004-004
2015-09-25 
Oria  3.x  15-0004-005
2015-07-31 
MiVoice Conference Unit (UC360)  1.x, 2.x  15-0004-006
2015-07-31 
Redirection and Configuration Service (RCS)  All  15-0004-007  2015-07-31
Mitel 700  5.0 SPX, 6.0 SP2 and earlier  15-0004-008  2015-07-31

 

Products Not Affected

The following products have been evaluated as not being affected:

Product Name:

340w / 342w

3250

5000 Call Manager

5000 Compact

5000 Gateway

5300 series digital

5550 IP Console

5603/5604/5607 Programmer (Ascom OEM)

5603/5604/5607/5624 Rack Charger (Ascom OEM)

6700i, 6800i (Praxis) Series SIP Phones

74XXip (H323 terminal family)

9000i Series (9480i, 9143i, 9133i, 9112i) SIP Phones

A1023i

Aastra 1560ip

Aastra 2380ip

Aastra 5300ip

AM7450 Management Center

BluStar 8000i

BluStar Android

BluStar Client (PC)

BluStar iOS

BluStar Server

Centergy Virtual Contact Center

Clearspan (Acme Packet Core SBC)

Clearspan (AudioCodes eSBC / Gateway)

Clearspan (Broadworks Platform)

Clearspan (Edgewater eSBC)

CMG

Comdasys Convergence (4675, 6719)

Comdasys MC Client Android

Comdasys MC Client iOS

Comdasys MC Controller

CPDM 3 (DECT)

CPU2 / CPU2-S on Mitel 470 Controller

CT Gateway

D.N.A. Application Suite

DECT handset programming units

DECToverIP (Mitel 100 | OpenCom 100))

DECToverIP (OC1000)

Dialog 5446ip, 4XXXip (H323 terminal family)

DT390, DT690, DT692, DT292, DT590 (DECT)

ER Adviser

InAttend

Intelligate Mobile Client Controller v16.X

IPBS 433/434/430/440

MiCollab (MAS) (SAS)

MiCollab (vMAS)

MiCollab Client (Desktop/Web/Standalone)

MiCollab Mobile Client (Android)

MiCollab Mobile Client (iOS)

MiCollab NuPoint (Speech Auto Attendant, Unified Messaging)

MiContact Center Business

MiContact Center Enterprise

MiContact Center for Microsoft Lync

MiContact Center Live

MiContact Center Office

MiContact Center Outbound

Mitel Alarm Server - 2.0, 2.1

Mitel MMC Android

Mitel MMC iOS

Mitel Mobile Client Controller

MiVoice 5602/5603/5604/5606/5607
IP DECT phones (Ascom OEM)

MiVoice 5610 DECT Handset and IP DECT Stand

MiVoice 5624 WiFi Phone (Ascom OEM)

MiVoice Border Gateway(MBG)

MiVoice Business - MCD (PPC)

MiVoice Business - MCD for ISS

MiVoice Business - MCD on Stratus

MiVoice Business - MXe Server

MiVoice Business Console

MiVoice Business Dashboard (CSM)

MiVoice Call Accounting

MiVoice Call Recording

MiVoice Digital Phones 8528, 8568

MiVoice Enterprise Manager

MiVoice for Lync

MiVoice IP DECT Base Station (Ascom OEM)

MiVoice IP Phones 53xx, 5540

MiVoice IP Phones 5560, 5550, 5505

MiVoice Office 250 (Mitel 5000)

MiVoice Office 400

MiXML server

Multi-Instance Communications Director (MiCD)

MX-ONE Manager (System Performance)

MX-ONE Manager Availability

MX-ONE Manager (Provisioning)

MX-ONE Gateway Unit

MX-ONE Manager Telephony System

NuPoint UM (Standalone)

Oaisys Talkument

Oaisys Tracer

OIG

FaxMail

VoiceMail

Open Interfaces Platform (OIP, OIP WebAdmin)

Open Messaging

OpenCom 1000 family

OpenPhone 7x IP

Oria

PointSpan

Rack Charger for DT390, 69x, 4x3

S850i (Revolabs OEM)

SAS

Secure IP Remote Management SRM

SIP-DECT

SIP-DECT Open Mobility Manager

SIP-DECT with Cloud-ID

Solidus eCare 7.0 SP8

Solidus eCare 8.3 SP2

SX-200IP ICP

TA7102i

TA7104i

Telephony Switch (TSW)

Telepo

Virtual MiVoice Communications Director (vMCD)

Virtualization Framework

WSM, WSM-3 (Ascom OEM)

If you do not see your product listed above, please contact Mitel Customer Support

Risk Assessment

CVE-2015-1716 has assigned a CVSS v2 Base Score of 5.0
CVE-2015-4000 has assigned a CVSS v2 Base Score of 4.3

Refer to product Security Bulletins for additional statements regarding risk.

Mitigation / Recommended Action

The risk to Mitel products that provide client services (e.g. sending email notifications) is eliminated when connecting to upstream servers which do not support weak DHE implementations. Customers are advised to ensure that upstream servers are running current versions of software. Guidance for server administrators can be found at https://weakdh.org/sysadmin.html

Operating System patches are provided by the respective vendors. The following recommendations are provided for Mitel applications:

For Mitel products provided as applications installed on systems running Microsoft Windows, refer to http://technet.microsoft.com/security/bulletin/MS15-055
For Mitel products provided as solutions installed systems running other operating systems (e.g. Debian, Red Hat, SUSE), please consult the respective vendor of the distribution.
Major web browser developers have also released new versions to address the use of weak Diffie-Hellman. Updating to the latest version of the browser(s) is recommended as a client-side solution.

Product-specific Security Bulletins will be issued for products which have been confirmed to be affected. Refer to the table of Affected Products and the referenced Security Bulletins for more information on additional mitigation and/or solutions available.

External References 

https://weakdh.org
http://technet.microsoft.com/security/bulletin/MS15-055
https://bugzilla.redhat.com/show_bug.cgi?id=1223211
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

Related CVEs / Advisories

CVE-2015-1716
CVE-2015-4000

Neem contact op met Mitel
+31 (0)88 235 6483 Contact