Advisory ID: 20-0001
First Issue Date: 2020-01-22
Last Updated: 2020-01-22
A port configuration vulnerability in the factory default firmware of the Mitel 6970 conference phone could allow an attacker to gain remote access to the phone during the time period from initial power on to automatic firmware upgrade. Risk may be significantly reduced by ensuring that the initial power on and upgrade complete on a protected internal network.
The risk is limited to phones in the factory default state. This is a non-standard configuration existing only for new phones with limited functionality. After the 6970 has upgraded to the current firmware release, the phones are no longer vulnerable. Phones with active service, and able to connect to the controller, are not vulnerable; upgraded/working phones that are later reset to factory defaults are not vulnerable.
Mitel has issued a firmware update to address this issue.
Security Bulletins are being issued for the following products:
|Product Name|Product Version Affected|Fixed Product Version|
|---|---|---|
|Mitel 6970|Product label on the packaging and device: Revision A25 and earlier WITHOUT additional label D04549|Product label on the packaging and device: Revision A26 and later; all revisions WITH D04549 label|
Revision A26 and above indicates updated factory-installed firmware; label D04549 indicates inventory modified post production, with corrective firmware installed.
Overall, the risk is considered moderate. In the factory default state, the potential impact of compromise is limited, as the phone holds no confidential personal data and has limited functionality.
Customers and partners who are concerned may mitigate the exposure by ensuring new phones are powered on and upgraded to the current release in a secure network. After the upgrade, the phone is no longer vulnerable.