Mitel Product Security Advisory 19-0005

Linux Sudo Bypass of User Restrictions Vulnerability

Advisory ID: 19-0005

First Issue Date: (2019-11-12)

Last Updated: 2019-11-26

Revision: 1.1

 

Summary

A new vulnerability was recently discovered in the sudo package used in Linux and related operating systems.  The sudo vulnerability is a security policy bypass that provides a user or a program the ability to execute commands as high privilege root user on a Linux system. Exploiting the vulnerability requires the user to have sudo privileges that allow them to run commands with any arbitrary user ID other than root.

 

Risk Assessment

Mitel Products are not vulnerable to this issue.  Mitel products by default are configured with Linux operating systems user restrictions, access mechanisms such as local accounts, use of sudo and security policy bypass are not permitted.

 

Affected Products

Mitel Products are not vulnerable to this issue.  Updates will be provided to this Advisory if required.

 

Related CVEs / CWEs / Advisories

CVE-2019-14287

 

Revision History

Version Date Description
1.0  2019-11-12 Initial version 

 

 


Möchten Sie mit unserem Sales Team sprechen?