15-0013-002

Security Bulletin for MiCollab AWV
SECURITY BULLETIN ID: 15-0013-002
RELEASE VERSION: 1.0
DATE: 2016-02-01
SECURITY BULLETIN 15-0013-002 V1.0
OVERVIEW
This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 15-0013
Visit http://www.mitel.com/security-advisories for more details.
A Java deserialization vulnerability was deteced in the Java frameworks, which, if exploited, could allow an attacker to
execute arbitrary code on the remote. MiCollab Audio, Web and Video conferencing (AWV) has been identified as
using the affected framework.
APPLICABLE PRODUCTS
This security bulletin provides information on the following products:
PRODUCT NAME
VERSION(S) AFFECTED
SOLUTION(S) AVAILABLE
MiCollab AWV
AWV 6.0 (MiCollab 7.0)
Yes
RISK / EXPOSURE
This vulnerability provides an attacker with the ability to execute malicious code and take complete control of an
affected system with the privileges of the user running the application. Such unauthorized could allow an attacker to
attempt to elevate their privileges.
From MiCollab 7.0 (AWV 6.0) onwards AWV’s Connection Point process, utilize JMX technology for exposing a RMI
interface to remotely monitor health statistics. While this service should be firewalled, there is a potential risk in
enviroments where this service is accessible from untrusted hosts or networks.
CVSS V2.0 OVERALL SCORE:
4.8
CVSS V2.0 VECTOR:
AV:N/AC:L/Au:N/C:N/I:P/A:N/E:ND/RL:W/RC:C
CVSS BASE SCORE:
5
CVSS TEMPORAL SCORE:
CVSS ENVIRONMENTAL SCORE:
OVERALL RISK LEVEL:
4.8
Not Defined
Low
MITIGATION / WORKAROUNDS
A remediation bulletin, providing the steps for a manual workaround, is available from Mitel Product Support. Refer to
Technical Bulletin 15-1263-00137
PATCH INFORMATION
No patch is currently available. Customers This issue is scheduled to be corrected in MiCollab 7.1.
© Copyright 2016, Mitel Networks Corporation. All Rights Reserved.
The Mitel word and logo are trademarks of Mitel Networks Corporation.
Any reference to third party trademarks are for reference only and Mitel makes no representation of the ownership of
these marks.
Similar pages