Mitel Product Security Advisory 15-0007
Security Advisory for MiCC
Advisory ID: 15-0007
Publish Date: 2015-11-04
MiCC does not modify the Microsoft IIS configuration during application installation. Without additional Microsoft IIS hardening, two vulnerabilities are present in CcmWeb which, if successfully exploited, could allow an attacker to read files or perform HTTP redirects.
CcmWeb Unauthenticated Local File Inclusion
CcmWeb allows access to any file on the install drive using specially formulated URLs. This vulnerability could allow an attacker read access to any file located on the same drive as the MiCC installation. The attacker must already know the file structure, since the vulnerability does not allow directory listing to discover it. The attacker cannot modify any files by exploiting this vulnerability.
CcmWeb open redirect
This vulnerability could allow an attacker to trick a user into navigating to an outside malicious web page by sending them a crafted link.
The following products have been identified as affected:
7.x and earlier
Refer to the Security Bulletin 15-0007-001 for additional statements regarding risk.
Mitigation / Recommended Action
Security Bulletin 15-0007-001 provides guidance on how to reconfigure Microsoft IIS to mitigate these vulnerabilities. Customers are advised to update to MiCC version 8.0, when released, which implements additional measures that do not rely on Microsoft IIS security controls.
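As an added illustration (not Mitel or CcmWeb code, which this advisory does not show), the two checks below are the application-level controls that the issues described above lack: a containment check that maps a requested URL path onto a file strictly inside the web root, and a redirect validator that only follows local, same-site paths. The web root path is an assumed placeholder.

```python
"""Application-level checks for the two issue classes in this advisory.

Illustration only, not CcmWeb code. A real handler would additionally
resolve symlinks/junctions on disk before serving the file.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/srv/ccmweb/wwwroot"  # assumed web root (placeholder path)


def resolve_safe_file(requested: str, web_root: str = WEB_ROOT) -> Optional[str]:
    """Map a URL path onto a file strictly inside web_root, or return None."""
    root = posixpath.normpath(web_root)
    # Decode twice so double-encoded traversal (%252e%252e) is seen for
    # what it is, and treat backslashes as separators, as Windows does.
    decoded = unquote(unquote(requested)).replace("\\", "/")
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Containment test, not a '..' substring test: normpath has already
    # collapsed every traversal sequence, so anything that ends up outside
    # the root (or equal to it) is rejected.
    if not candidate.startswith(root + "/"):
        return None
    return candidate


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return target only if it is a relative path on this site, else default.

    Rejects absolute URLs, scheme-relative '//host' forms, backslash
    variants and header-injection characters, so a crafted link cannot
    send the user to an outside page.
    """
    if not target or any(c in target for c in "\r\n\x00"):
        return default
    parts = urlsplit(target.replace("\\", "/"))
    if parts.scheme or parts.netloc:
        return default
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return default
    return target


if __name__ == "__main__":
    print(resolve_safe_file("css/site.css"))            # inside root: served
    print(resolve_safe_file("../../Windows/win.ini"))    # traversal: None
    print(safe_redirect_target("//evil.example/login"))  # off-site: "/"
```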
Credit to 7 Elements for discovery and solution verification: https://www.7elements.co.uk