15-0009-002

Security Bulletin for MiVoice MX-ONE Products
SECURITY BULLETIN ID: 15-0009-002
RELEASE VERSION: 1.0
DATE: 2015-09-04
SECURITY BULLETIN 15-0009-002 V1.0
OVERVIEW
This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 15-0009.
Visit http://www.mitel.com/security-advisories for more details.
APPLICABLE PRODUCTS
This security bulletin provides information on the following products:
PRODUCT NAME                        VERSION(S) AFFECTED   SOLUTION(S) AVAILABLE
Mitel 700                           5.0, 6.0              Yes
MiVoice MX-ONE                      5.0, 6.0              Yes
MX-ONE Manager (Provisioning)       5.0, 6.0              Yes
MX-ONE Manager (Telephony System)   5.0, 6.0              Yes
RISK / EXPOSURE
The vulnerability, CVE-2015-5600, is rated as follows.
CVSS V2.0 OVERALL SCORE: 8.5
CVSS V2.0 VECTOR: AV:N/AC:L/Au:N/C:P/I:N/A:C
CVSS BASE SCORE: 8.5
CVSS TEMPORAL SCORE: N/A
CVSS ENVIRONMENTAL SCORE: N/A
OVERALL RISK LEVEL: High
However, as the Mitel 700 and MX-ONE systems should be deployed in controlled environments, the environment is
considered to mitigate the risk of attack to an acceptable level. Such controls include limiting access to administrative
interfaces to trusted networks, and implementing strong password schemes. Such measures will reduce the
exposure to brute force attacks.
MITIGATION / WORKAROUNDS
The following steps are provided for customers who want to implement immediate measures to address the
vulnerability:
1) As user root, make sure the following is configured in /etc/ssh/sshd_config:
   "PasswordAuthentication yes"
   "ChallengeResponseAuthentication no"
2) As user root, restart sshd:
   > rcsshd restart
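One way to confirm that step 1 is actually in effect before restarting sshd, as an added example that is not part of Mitel's bulletin. The function names and the sample configuration are constructed for illustration, and the script assumes that a keyword absent from the file falls back to OpenSSH's default of "yes".

```shell
#!/bin/sh
# Added example: audit an sshd_config for the workaround settings in step 1.

# Print the effective global value of keyword $2 in file $1, lowercased.
# sshd keywords are case-insensitive and the first occurrence wins; lines
# from the first Match block onward are conditional and are not considered.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)          # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit
            if (key == want) { v = tolower(f[2]); gsub(/"/, "", v); print v; exit }
        }' "$1"
}

# Return 0 only when both settings match step 1 of the workaround.
# Assumption: a keyword missing from the file defaults to "yes".
check_workaround() {
    pw=$(sshd_effective "$1" PasswordAuthentication)
    cr=$(sshd_effective "$1" ChallengeResponseAuthentication)
    [ "${pw:-yes}" = "yes" ] && [ "${cr:-yes}" = "no" ]
}

# Constructed sample: a commented-out line, the live settings, a later
# duplicate that sshd ignores, and a Match block that is out of scope.
demo_config() {
    cat <<'EOF'
# ChallengeResponseAuthentication yes
PasswordAuthentication yes
challengeresponseauthentication no
ChallengeResponseAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication no
EOF
}

tmp=$(mktemp)
demo_config > "$tmp"
if check_workaround "$tmp"; then
    echo "workaround in place"
else
    echo "workaround NOT in place"
fi
rm -f "$tmp"
```

On the live system, point `check_workaround` at /etc/ssh/sshd_config; `sshd -T` run as root prints the configuration as sshd itself resolves it and is the authoritative check.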
© Copyright 2015, Mitel Networks Corporation. All Rights Reserved.
The Mitel word and logo are trademarks of Mitel Networks Corporation.
Any reference to third party trademarks is for reference only and Mitel makes no representation of the ownership of
these marks.
PATCH INFORMATION
Future versions of the affected products will be released to permanently address the vulnerability. Additional
information related to fixes from the Operating System maintainer can be found at
https://www.suse.com/security/cve/CVE-2015-5600.html.