15-0009-001

Security Bulletin for Comdasys Convergence, Comdasys Mobile Client Controller, AMCC for Intelligate and Mitel Mobile Client Controller
SECURITY BULLETIN ID: 15-0009-001
RELEASE VERSION: 1.0
DATE: 2015-09-04
SECURITY BULLETIN 15-0009-001 V1.0
OVERVIEW
This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 15-0009.
Visit http://www.mitel.com/security-advisories for more details.
APPLICABLE PRODUCTS
This security bulletin provides information on the following products:
PRODUCT NAME                                                              VERSION(S) AFFECTED        SOLUTION(S) AVAILABLE
FMC Controller (Comdasys MC Controller, Mitel Mobile Client Controller)   10684.21.7 and earlier     10684.21.8
FMC Controller for Intelligate                                            10684.16.12 and earlier    10684.16.13
Convergence 4675                                                          4675.42.11 and earlier     4675.42.12
Convergence 6719                                                          6719.34.11 and earlier     6719.34.10
RISK / EXPOSURE
The vulnerability, CVE-2015-5600, is rated as follows.
CVSS V2.0 OVERALL SCORE: 8.5
CVSS V2.0 VECTOR: AV:N/AC:L/Au:N/C:P/I:N/A:C
CVSS BASE SCORE: 8.5
CVSS TEMPORAL SCORE: N/A
CVSS ENVIRONMENTAL SCORE: N/A
OVERALL RISK LEVEL: High
However, the affected products implement additional measures to limit authentication attempts as follows:
Mobile Client Controller 10684.21: LoginGracePeriod is set to 30s, allowing 10 possible login attempts before closing the connection.
Mobile Client Controller for Intelligate, Convergence 4675, Convergence 6719: LoginGracePeriod is set to 120s, allowing 40 possible login attempts before closing the connection.
These thresholds, combined with deployments in controlled environments and the use of a strong password policy, are considered to reduce the exposure to a low level of risk.
© Copyright 2015, Mitel Networks Corporation. All Rights Reserved.
The Mitel word and logo are trademarks of Mitel Networks Corporation.
Any reference to third party trademarks is for reference only and Mitel makes no representation of the ownership of these marks.
MITIGATION / WORKAROUNDS
No mitigation / workarounds are available.
PATCH INFORMATION
Customers can contact their authorized support provider to obtain the latest versions of the affected products. Visit www.mitel.com for additional contact information.