15-0004-004

Security Bulletin for MiCollab AWV
SECURITY BULLETIN ID: 15-0004-004
RELEASE VERSION: V1.1
DATE: 2015-09-25
SECURITY BULLETIN 15-0004-004 V1.1
OVERVIEW
This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 15-0004.
Visit http://www.mitel.com/security-advisories for more details.
Note: This bulletin, and updates to Security Advisory 15-0004, have been published following the discovery of new
investigation.
According to the findings published on https://weakdh.org, websites, mail servers, and other TLS-dependent services
that use Diffie-Hellman Ephemeral (DHE) and allow for DHE_EXPORT to use 512-bit DH keys are affected. This
vulnerability is commonly known as Logjam.
APPLICABLE PRODUCTS
This security bulletin provides information on affected products:
PRODUCT NAME
AWV
VERSION(S) AFFECTED
AWV 5.0.5.5 and earlier
SOLUTION(S) AVAILABLE
AWV 5.0.5.7
AWV is included in the following products:
PRODUCT NAME
MiCollab
VERSION(S) AFFECTED
MiCollab 6.0 SP2 (6.0.205.0) and
earlier
SOLUTION(S) AVAILABLE
MiCollab 6.0 SP2 PR1 (6.0.206.0)
MiVoice Business Express
MiVoice Business Express 6.0 SP2
(6.0.205.0) and earlier
MiVoice Business Express 6.0 SP2
PR1 (6.0.206.0)
RISK / EXPOSURE
Successful exploitation of the vulnerability could allow an attacker to gain access to sensitive information and allow for
the manipulation of data.
CVSS V2.0 OVERALL SCORE:
4.4
CVSS V2.0 VECTOR:
AV:N/AC:H/AU:N/C:P/I:P/A:P
CVSS BASE SCORE:
5.1
CVSS TEMPORAL SCORE:
4.4
CVSS ENVIRONMENTAL SCORE:
OVERALL RISK LEVEL:
Not defined
Low
© Copyright 2015, Mitel Networks Corporation. All Rights Reserved.
The Mitel word and logo are trademarks of Mitel Networks Corporation.
Any reference to third party trademarks are for reference only and Mitel makes no representation of the ownership of
these marks.
SECURITY BULLETIN 15-0004-004 V1.1
MITIGATION / WORKAROUNDS
Mitel is recommending customers update their AWV version that is known to remove the use of ciphers employing the
weak Diffie-Hellman sizes.
PATCH INFORMATION
Changes to disable weak Diffie-Hellman keys were introduced in the following releases:
AWV 5.0 v5.0.5.7
Customers unable to update to newer versions are advised to contact support for additional workarounds.
Customers should contact their authorized support provider to obtain the latest software versions. Visit
www.mitel.com for additional contact information.
© Copyright 2015, Mitel Networks Corporation. All Rights Reserved.
The Mitel word and logo are trademarks of Mitel Networks Corporation.
Any reference to third party trademarks are for reference only and Mitel makes no representation of the ownership of
these marks.
Similar pages