Security Bulletin for MiVoice5000

SECURITY BULLETIN ID: 16-0011-001
RELEASE VERSION: 1.0
DATE: 2016-06-03

SECURITY BULLETIN 16-0011-001 V1.0

OVERVIEW

This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 16-0011. Visit http://www.mitel.com/security-advisories for more details.

APPLICABLE PRODUCTS

This security bulletin provides information on the following products:

PRODUCT NAME          VERSION(S) AFFECTED   SOLUTION(S) AVAILABLE
MiVoice5000           5.4, 6.1, 6.2         Security patches package QW467AAXXX6.x.24
Mitel5000 Compact     5.4, 6.1, 6.2         Security patches package QW467AAXXX6.x.24
MiVoice5000 Manager   2.4, 3.1, 3.2         Security patches package QW467AAXXX6.x.24

RISK / EXPOSURE

Due to a flaw in an open-source third-party library, an attacker could potentially execute arbitrary code or shell commands, and gain unauthorized access to and manipulate image files, on the MiVoice5000, MiVoice5000 Manager and Mitel5000 Compact. The risk is limited, however, because end users don't have access to image files; only operators with sufficient rights can copy, remove or modify these files.

CVSS V2.0 OVERALL SCORE: 9.0
CVSS V2.0 VECTOR: AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS BASE SCORE: 9.0
CVSS TEMPORAL SCORE: Not defined
CVSS ENVIRONMENTAL SCORE: Not defined
OVERALL RISK LEVEL: High

MITIGATION / WORKAROUNDS

Customers can upload the new release of ImageMagick (-6.7.2.7-4 provided by RedHat) on MiVoice5000, MiVoice5000 Manager or Mitel5000 Compact.

SOLUTION INFORMATION

The fix will be included in the new release of security patches package QW467AAXXX6.x.24 available in early June. Contact product support for additional information.
© Copyright 2016, Mitel Networks Corporation. All Rights Reserved. The Mitel word and logo are trademarks of Mitel Networks Corporation. Any reference to third-party trademarks is for reference only and Mitel makes no representation of the ownership of these marks.