Advisory ID: 16-0004
Publish Date: 2016-03-07
Revision: 1.1 (updated 2016-05-02)
Summary
Multiple low- and medium-risk vulnerabilities were identified in an open source NTP package used by certain Mitel products.
Detailed Description
It was discovered that in some cases, ntpd acting as a client did not correctly check the originate (origin) timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an NTP client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client, which could result in a denial of service.
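The origin-timestamp check the description refers to, as an added example (not Mitel's or the NTP project's code): a minimal NTPv4 header parser plus the client-side rule that a reply may only be used when its origin timestamp is non-zero and equals the transmit timestamp of the request still outstanding. All packet values below are constructed.

```python
import struct

# 48-byte NTPv4 header (RFC 5905): LI/VN/Mode, stratum, poll, precision, root delay,
# root dispersion, reference id, then reference/origin/receive/transmit timestamps
# as 64-bit NTP timestamps (seconds.fraction since 1900).
NTP_HEADER = struct.Struct("!BBBb3I4Q")
MODE_CLIENT, MODE_SERVER = 3, 4


def build_packet(mode, origin_ts, transmit_ts, version=4):
    """Build a bare NTP header; only the fields the origin check uses are meaningful."""
    li_vn_mode = (0 << 6) | (version << 3) | mode
    return NTP_HEADER.pack(li_vn_mode, 0, 6, -20, 0, 0, 0, 0, origin_ts, 0, transmit_ts)

def parse_packet(data):
    if len(data) < NTP_HEADER.size:
        raise ValueError("short NTP packet")
    f = NTP_HEADER.unpack_from(data)
    return {"version": (f[0] >> 3) & 7, "mode": f[0] & 7, "origin": f[8], "transmit": f[10]}

def check_reply(data, pending_transmit):
    """Decide whether a received packet may update this client's clock.

    pending_transmit is the transmit timestamp of the request still awaiting a
    reply, or 0 when none is outstanding. Returns (accepted, reason).
    """
    pkt = parse_packet(data)
    if pkt["mode"] != MODE_SERVER:
        return False, "not a server reply"
    if pending_transmit == 0:
        return False, "no request outstanding (unsolicited reply)"
    # An all-zero origin must be rejected outright, never treated as "skip the check".
    if pkt["origin"] == 0:
        return False, "zero origin timestamp"
    if pkt["origin"] != pending_transmit:
        return False, "origin timestamp does not match our request"
    # The caller must now clear pending_transmit so the same reply cannot be reused.
    return True, "origin timestamp matches outstanding request"

def demo():
    # Constructed values: our outstanding request carried this transmit timestamp.
    our_xmt = 0xDBF1C5A080000000
    server_xmt = our_xmt + 0x10000000  # server answered about 0.06 s later
    replies = {
        "genuine": build_packet(MODE_SERVER, our_xmt, server_xmt),
        "zero_origin": build_packet(MODE_SERVER, 0, server_xmt),
        "wrong_origin": build_packet(MODE_SERVER, 0x1234567800000000, server_xmt),
    }
    return {name: check_reply(pkt, our_xmt)[0] for name, pkt in replies.items()}
```

Only the "genuine" reply is accepted; a client that skipped the check for a zero origin, or matched on anything other than its own outstanding transmit timestamp, would accept the other two and let an off-path sender steer its clock.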
Affected Products
The following products have been identified as being affected (updated 2016-05-02):
Product Name | Product Versions | Security Bulletin | Last Updated |
Oria | Oria 4.0, 4.0 SP1 (4.0.39.0, 4.0.112.0) | 16-0004-002 | 2016-05-02 |
MiVoice5000 | 5.4, 6.1, 6.2 | 16-0004-007 | 2016-03-07 |
MiVoice5000 Manager | 5.4, 6.1, 6.2 | 16-0004-007 | 2016-03-07 |
Mitel5000 Compact | 5.4, 6.1, 6.2 | 16-0004-007 | 2016-03-07 |
MiVoice5000 Gateway | 2.4, 3.1, 3.2 | 16-0004-008 | 2016-03-07 |
MBG | 9.1, 8.1 | 16-0004-001 | 2016-03-07 |
MiCollab AWV | 5.0.4.19, 5.0.5.7 | 16-0004-005 | 2016-03-07 |
MiCollab MAS/SAS/vMas | 6.0, 7.0 | 16-0004-006 | 2016-03-07 |
MiCollab MCA | 5.x, 6.x | 16-0004-004 | 2016-03-07 |
MiVB-X7.0 | 7.0 | 16-0004-004 | 2016-03-07 |
MiVoice Business for Industry Standard Server and VMware Virtual Appliance | 6.0 and earlier | 16-0004-003 | 2016-03-07 |
MiVoice Business for Stratus | Versions based on RedHat Linux 6.3 | 16-0004-003 | 2016-03-07 |
MiVoice Business for Multi-instance platform - Server Manager | 1.2 and earlier | 16-0004-003 | 2016-03-07 |
NPM | NPM 7 SP1 & SP2 (17.1.0.11, 17.2.0.3) | 16-0004-005 | 2016-03-07 |
This list will be updated with additional information as it becomes available.
Products Under Investigation
The following products are being evaluated to determine potential exposure and risk (updated 2016-05-02):
Product Name
340w and 342w
6700i, 6800i (Praxis) Series SIP Phones
74XXip (H323 terminal family)
9000i Series (9480i, 9143i, 9133i, 9112i) SIP Phones
A1023i
AM7450 Management Center
BluStar 8000i
BluStar Client (PC)
BluStar Server
Centergy Virtual Contact Center
Clearspan (Acme Packet Core SBC)
Clearspan (AudioCodes eSBC / Gateway)
Clearspan (Broadworks Platform)
Clearspan (Edgewater eSBC)
Comdasys Convergence 4675
Comdasys Convergence 6719
Dialog 5446ip, 4XXXip (H323 terminal family)
Enterprise Manager
FMC Controller (Comdasys MC Controller, Mitel Mobile Client Controller)
FMC Controller for Intelligate
MiCollab NuPoint (Speech Auto Attendant, Unified Messaging)
MiContact Center Live
MiContact Center Office
MiContact Center Outbound
Mitel 700
Mitel Alarm Server
Mitel MMC Android
MiVoice 5602/5603/5604/5606/5607 IP DECT phones (DT390, DT690, DT692, DT292, DT590) (Ascom OEM)
MiVoice 5624 WiFi Phone (Ascom OEM)
MiVoice Conference Unit (UC360)
MiVoice Digital Phones 8528, 8568
MiVoice for Lync
MiVoice IP DECT Base Station (IPBS 433/434/430/440) (Ascom OEM)
MiVoice IP Phones 5560, 5505
MiVoice MX-ONE
MiXML server
MX-ONE Manager (Provisioning)
MX-ONE Manager (Telephony System)
MX-ONE Media Gateway Unit
MX-ONE Telephony Server
MiCollab Advanced Messaging
PointSpan
Redirection and Configuration Service (RCS)
S850i (Revolabs OEM)
TA7102i / TA7104i
vMCD
WSM, WSM-3 (CPDM 3) (Ascom OEM)
This list will be updated with additional information as it becomes available.
Products not Affected
The following products have been identified as not being affected as they do not use the affected component (updated 2016-05-02):
Product Name
3250
5300 series digital
5550 IP Console
Aastra 1560ip
Aastra 2380ip
Aastra 5300ip
BluStar Android
BluStar iOS
CMG
Comdasys MC Client Android
Comdasys MC Client iOS
CT Gateway
D.N.A. Application Suite
DECToverIP (Mitel 100 | OpenCom 100)
DECToverIP (OC1000)
ER Adviser
InAttend
MiCollab Client (Desktop/Web)
MiCollab Mobile Client (Android)
MiCollab Mobile Client (iOS)
MiContact Center Business
MiContact Center Enterprise
MiContact Center for Microsoft Lync
Mitel 800
Mitel MMC iOS
MiVoice Business - MCD (PPC)
MiVoice 5610 DECT Handset and IP DECT Stand
MiVoice Business Console
MiVoice Business Dashboard (CSM)
MiVoice Call Accounting
MiVoice Call Recording
MiVoice IP Phones 53xx, 5540
MiVoice Office 250 (Mitel 5000)
MiVoice Office 400
MX-ONE Manager (System Performance)
MX-ONE Manager Availability
Oaisys Talkument
Oaisys Tracer
OIG
Open Interfaces Platform (OIP, OIP WebAdmin)
OpenCom 1000 family
OpenPhone 7x IP
Secure IP Remote Management SRM
SIP-DECT
SIP-DECT Open Mobility Manager
SIP-DECT with Cloud-ID
Solidus eCare
SX-200IP ICP
Telephony Switch (TSW)
Telepo
This list will be updated with additional information as it becomes available.
Risk Assessment
The reported vulnerabilities carry varying levels of risk. Mitel considers CVE-2015-8138 to present a moderate risk to environments where NTP time sources are not trusted.
Mitigation / Recommended Action
Please refer to the product-specific Security Bulletins for mitigation and recommendations.
External References
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit