Mitel Product Security Advisory - 15-0009
OpenSSH: authentication limits (MaxAuthTries) bypass (CVE-2015-5600)
Advisory ID: 15-0009
Publish Date: 2015-09-04
Revision: 1.0
Summary
A vulnerability in OpenSSH has been identified which, under specific circumstances, would allow remote attacker to bypass MaxAuthTries settings, which would enable brute force attacks.
Detailed Description
OpenSSH allows for the setting of an authentication threshold. By design, exceeding this limit will result in the connection being closed.
This OpenSSH vulnerability allows an attacker to bypass this setting and request multiple password prompts, with the only limitation defined by a time value defined by another ssh server configuration parameter.
By means of this vulnerability, an attacker can initiate a large number of authentication attempts.
Windows based products and those using Mitel Standard Linux (MSL) are not affected. See the Affected Products section for a list of products confirmed to be affected.
Affected Products
The Following products hve been identified as affected:
| Product Name | Product Versions | Security Bulletin | Last Updated |
| Convergence 4675 | 4675.42.11 and earlier | 15-0009-001 | 2015-09-04 |
| Convergence 6719 | 6719.34.11 and earlier | 15-0009-001 | 2015-09-04 |
| FMC Controller (Comdasys MC Controller, Mitel Mobile Client Controller) | 10684.21.7 and earlier | 15-0009-001 | 2015-09-04 |
| FMC Controller for Intelligate | 10684.16.12 and earlier | 15-0009-001 | 2015-09-04 |
| Mitel 700 | 5.0, 6.0 | 15-0009-002 | 2015-09-04 |
| MiVoice MX-ONE | 5.0, 6.0 | 15-0009-002 | 2015-09-04 |
| MX-ONE Manager (Provisioning) | 5.0, 6.0 | 15-0009-002 | 2015-09-04 |
| MX-ONE Manager (Telephony System) | 5.0, 6.0 | 15-0009-002 | 2015-09-04 |
Products Under Investigation
Mitel continues to evaluate products within the Mitel portfolio. The list of affected products above will be updated as new information is received.
Products Not Affected
Products using Mitel Standard Linux (MSL) are not affected, as are other solutions that do not ship with OpenSSH (for example, Windows applications).
Risk Assessment
CVE-2015-5600 assigned a CVSS v2 Score of 8.5 and identified risk as high. As part of Mitel’s analysis, the risk was rated lower as a result of environmental and product-specific considerations.
Refer to Mitel product Security Bulletins for additional statements regarding product-specific risk.
Mitigation / Recommended Action
As part of security best practice, customers are advised to implement long and complex passwords that would be resistant to brute force attacks.
Additional countermeasures include limiting access to system administration interfaces from trusted hosts and networks and implementing network security solutions (Firewalls, Network Intrusion Prevention solutions) in the environment to regulate traffic and detect abnormal traffic patterns.
In cases where customers have installed OpenSSH on systems used to host Mitel applications, they are advised to consult the links provided in the External References section for additional guidance on recommended configuration changes.
Additional recommendations and mitigation will be provided by means of product-specific Security Bulletins referenced above, and this Security Advisory will be updated as new information is available.
External References
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5600
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5600
https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
Related CVEs / Advisories
CVE-2015-5600