Americas
Europe
Oceania
+31 88 235 6483
+31 88 235 6483
Contact Center
Samenwerken
Zakelijke telefoonsystemen
Devices & accessoires
Vragen of opmerkingen?
+31 88 235 6483
Uw zakelijke behoefte
Uw branche
Organisatiegrootte
Onze diensten
Onze producten
Support voor klanten
Partner support
Training
Contact
Blog
Over Mitel
Vacatures
Case studies
Resource center
Advisory ID: 16-0016
Publish Date: 2016-11-04
Revision: 1.0
Summary
A vulnerability in the 64-bit version of the MiCollab Desktop Client Web Portal service allows bypass of the host’s Windows firewall.
Detailed Description
MiCollab Desktop Client interfaces with Microsoft Outlook for calendar and contacts information. This information is used by the Desktop Client to manage statuses based on calendar information and use local Outlook contacts in the contact directory.
The MiCollab Desktop Client creates a windows firewall policy to allow interaction between itself and the Microsoft Outlook. This policy on 64-bit machine inadvertently opens a vulnerability whereby programs and services can bypass firewall policies.
Affected Products
The following products were identified as affected:
Product Name | Product Versions | Security Bulletin | Last Updated |
MiCollab DT Client (64-bit version) | v7.x v6.x |
16-0016-001 | 2016-11-04 |
Risk Assessment
This vulnerability has been assessed as having a CVSS v2 Base Score of 6.0 with moderate risk. An attacker would have to have access to the system or network to realize any potential benefit from the exploitation of this vulnerability.
Mitigation / Recommended Action
There is no specific mitigation for the vulnerability. Customers are advised to apply updates available for affected versions of the software. Refer to the Security Bulletin for more information.
External References
http://cwe.mitre.org/data/definitions/264.html
Related CVEs / CWEs / Advisories
CWE-264