Advisory ID: 17-0008
Publish Date: 2017-06-05
Revision: 1.0
Summary
Vulnerabilities related to older versions of OpenSSL have been identified in certain MiCollab applications for use on the Microsoft Windows platform.
Detailed Description
MiCollab Desktop client, MiVoice for Lync and MiVoice for Skype for Business SIP softphone use a third-party OpenSSL library to provide cryptographic services for secured communications. Security scans may report that OpenSSL vulnerabilities, including Heartbleed (CVE-2014-0160) and SWEET32 (CVE-2016-2183), are present in the SIP services of the affected products.
Affected Products
Security Bulletins are being issued for the following products:
Product Name | Product Versions | Security Bulletin | Last Updated |
MiCollab Desktop client | MiCollab 6.0 | 17-0008-001 | 2017-06-05 |
MiCollab Desktop client | MiCollab 7.0, 7.1, 7.2, 7.3, 7.3.0.104 | | |
MiVoice for Lync | 1.1.2.5 | | |
MiVoice for Skype For Business | 1.1.3.3, 1.2.0.11, 1.3.2.2, 1.4.0.102 | | |
Risk Assessment
The risk associated with these vulnerabilities in the noted products is considered low-to-moderate.
Refer to product Security Bulletins for additional statements regarding risk.
Mitigation / Recommended Action
Mitel has issued new releases of the affected software applications. Customers are advised to update their software to the latest versions.
Refer to the Security Bulletin for more information.
External References
https://sweet32.info
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
http://heartbleed.com
Related CVEs / CWEs / Advisories
CVE-2016-2183
CVE-2014-0160