Mitel Product Security Advisory 16-0009
Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000
Advisory ID: 16-0009
Publish Date: 2016-03-18
Revision: 1.0
Summary
Authentication bypass vulnerabilities have been identified on the MiVoice Office 250 (formerly Mitel 5000).
Detailed Description
The discovered vulnerabilities allow unauthorized access to system functions, including user management. Instances of toll-fraud, resulting from these vulnerabilities have been identified.
Due to the attack vector, other negative side-effects are conceivable.
Mitel is recommending customers with affected product versions to update to an unaffected release and take additional precautions.
Affected Products
The following products have been identified as affected:
| Product Name | Product Versions | Security Bulletin | Last Updated |
| MiVoice Office 250 | 6.1 | 16-0009-001 | 2016-03-18 |
| Mitel 5000 | 6.0 | 16-0009-001 | 2016-03-18 |
Risk Assessment
Mitel has rated the risk of this vulnerability as High.
Refer to the product Security Bulletin for CVSS scoring and additional statements of risk.
Mitigation / Recommended Action
Customers are advised to update MiVoice Office 250 to an unaffected version of software as soon as possible, and take additional precautions to secure their installation.
Refer to the product Security Bulletin for additional recommendations.
External References
n/a
Related CVEs / Advisories
n/a