15-0007-001

Security Bulletin for MiCC
SECURITY BULLETIN ID: 15-0007-001
RELEASE VERSION: 1.0
DATE: 2015-11-04
SECURITY BULLETIN 15-0007-001 V1.0
OVERVIEW
This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 15-0007.
Visit http://www.mitel.com/security-advisories for more details.
MiCC versions 7.x and earlier rely on security controls provided by Microsoft IIS. In the event an administrator opts for
a default installation (e.g. using default paths), and does not take further steps to harden the web server security, two
security vulnerabilities are present in CcmWeb. These vulnerabilities, if successfully exploited, would allow an attacker
to read files or perform HTTP redirects.
APPLICABLE PRODUCTS
This security bulletin provides information on the following products:
PRODUCT NAME    VERSION(S) AFFECTED    SOLUTION(S) AVAILABLE
MiCC            7.x and earlier        Yes – see Mitigation/Workarounds
RISK / EXPOSURE
CcmWeb Unauthenticated Local File Inclusion
CVSS V2.0 OVERALL SCORE: 5
CVSS V2.0 VECTOR: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS BASE SCORE: 5
CVSS TEMPORAL SCORE: Not defined
CVSS ENVIRONMENTAL SCORE: Not defined
OVERALL RISK LEVEL: Low
CcmWeb open redirect
CVSS V2.0 OVERALL SCORE: 3.5
CVSS V2.0 VECTOR: AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS BASE SCORE: 3.5
CVSS TEMPORAL SCORE: Not defined
CVSS ENVIRONMENTAL SCORE: Not defined
OVERALL RISK LEVEL: Low
MITIGATION / WORKAROUNDS
A permanent solution that does not rely on Microsoft IIS security controls will be implemented in MiCC version 8.0.
The following steps are provided for MiCC versions 7.x and earlier. Server administrators are advised to review the
procedures and apply as required.
NOTE: Both procedures require that the IIS URL rewrite module is installed. For more information, visit
http://www.iis.net/downloads/microsoft/url-rewrite
How to block relative paths
The following procedure sets up IIS request filters to block relative paths in query strings in CcmWeb:
IIS config->Default Web Site->CcmWeb->URL Rewrite
Add rule->Request blocking.
Block based on query string.
Pattern = *..*
How to prevent redirect query strings
The following procedure configures IIS to block redirecturl query strings in CcmWeb:
IIS config->Default Web Site->CcmWeb->URL Rewrite
Add rule->Request blocking.
Block based on query string.
Pattern = *redirecturl*
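The two Request blocking rules above, written out as the web.config fragment in which IIS URL Rewrite stores them. This is an added illustration, not Mitel's own configuration: it assumes the URL Rewrite module is installed and that the fragment sits in the CcmWeb application's web.config; the rule names and the 403 response are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: web.config for the CcmWeb application, showing the two
     Request blocking rules from this bulletin as IIS URL Rewrite stores them.
     Assumes the URL Rewrite module is installed. Rule names and the 403
     response are assumptions, not Mitel's own configuration. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule 1: block relative paths ("..") anywhere in the query string.
             patternSyntax="Wildcard" makes "." literal, so *..* matches any
             query string that contains two consecutive dots. -->
        <rule name="Block relative paths in query string"
              patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
            <add input="{QUERY_STRING}" pattern="*..*" />
          </conditions>
          <!-- Refuse the request with a 403. The request is still written to
               the site's W3C log with that status, which gives operators a
               simple signal that someone is probing for the file read. -->
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="Query string not permitted." />
        </rule>
        <!-- Rule 2: block any query string that mentions redirecturl.
             ignoreCase on a condition defaults to true, so mixed-case
             variants such as RedirectUrl are caught as well. -->
        <rule name="Block redirecturl query strings"
              patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
            <add input="{QUERY_STRING}" pattern="*redirecturl*" />
          </conditions>
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="Query string not permitted." />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

After applying the change, confirm both rules appear under CcmWeb in the IIS Manager URL Rewrite view and that a benign request to CcmWeb still succeeds before relying on them.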
Customers are advised to update their MiCC installation to version 8.0 when released.
PATCH INFORMATION
No patch is planned in response to these issues.