Mitel Product Security Advisory MISA-2025-0001

OpenScape 4000 and OpenScape 4000 Manager Privilege Escalation and Command Injection Vulnerabilities

Advisory ID: MISA-2025-0001

Publish Date: 2025-01-22

Last Updated: 2025-01-22

Revision: 1.0

Summary

A privilege escalation vulnerability, CVE-2025-23093, has been identified in the Platform component of OpenScape 4000 and OpenScape 4000 Manager, could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges.
A successful exploit of this vulnerability could allow an attacker to execute arbitrary commands with elevated privileges with potential impacts to the confidentiality, integrity, and availability of the system. This vulnerability could allow a non-administrative malicious user to exploit the system, potentially gaining full control. The vulnerability severity is rated as high.

A command injection vulnerability, CVE-2025-23094, has been identified in the Platform component of OpenScape 4000 and OpenScape 4000 Manager, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization.
A successful exploit of this vulnerability could allow an attacker to execute arbitrary commands within the same privilege level as the web access process, resulting in low impact on the confidentiality, integrity and availability of the system. The vulnerability severity is rated as high.

Exploiting these vulnerabilities together can significantly amplify their impact, potentially resulting in a critical severity.

Mitel is recommending customers with affected product versions update to the available fixes as soon as feasible or apply the available workaround.

Credit is given to Dr. Oliver Matula, Maximilian Platzner, and Tim Kornhuber of DB Systel GmbH for highlighting these issues and bringing these to our attention.

Affected Products

This security advisory provides information on the following products:

Product Name

Version(s) Affected

Solution(s) Available

OpenScape 4000

V11 R0.22.0 through V11 R0.22.1

V10 R1.54.0 through V10 R1.54.1

V10 R1.42.6 and earlier

Upgrade to OpenScape 4000 PLT Hotfix (System & Manager) V11 R0.22.2 or later
Upgrade to OpenScape 4000 PLT Hotfix (System & Manager) V10 R1.54.2 or later
Upgrade to OpenScape 4000 PLT Hotfix (System & Manager) V10 R1.42.7 or later

OpenScape 4000 Manager

V11 R0.22.0 through V11 R0.22.1

V10 R1.54.0 through V10 R1.54.1

V10 R1.42.6 and earlier

These issues impact OpenScape 4000 deployment options: Central Host, Manager, SoftGate, Enterprise Gateway and partially STMIX.

Product statements are related only to supported product versions. Products which have reached End of Support status are not considered.

Vulnerability Severity

The following products have been identified as affected:

Product Name

CVE ID

Severity

CVSS 3.1 Base Score

OpenScape 4000
OpenScape 4000 Manager

CVE-2025-23093

High / 7.8

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

OpenScape 4000
OpenScape 4000 Manager

CVE-2025-23094

High /7.3

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploiting these vulnerabilities together can significantly amplify their impact, potentially resulting in a critical severity.

Mitigations / Workarounds

On the OpenScape 4000 V10/V11 and the OpenScape 4000 Manager V11:

As recommended in the "OpenScape 4000 V10R1 and Affiliated Products Security Checklist", chapter "7.8 Security Mode Configuration" set the “Restricted access to Platform Portal and SSH of Platform and CSTA” flag
1. Navigate to Access Management -> Security Mode Configuration -> Application Access.
2. Activate the mode "Restricted access to Platform Portal and SSH of Platform and CSTA"
- For connected SoftGates and Enterprise Gateways activate under Gateway Security the mode "Enable Gateway Secure Mode (disables HTTPS and SSH access for IP Gateways)"

On the OpenScape 4000 Manager V10:

Enable the secure mode on the platform:
- From the command line interface of the system, run the following command with root privileges:
  - /opt/webservice/scripts/swupdated set_ui_mode 1

Note: To disable secure mode, run the command: /opt/webservice/scripts/swupdated set_ui_mode 0

Solution/ Recommended Action

These issues are corrected in OpenScape 4000 PLT Hotfix (System & Manager) V10 R1.42.7 or V10 R1.54.2 or later, and Hotfix (System & Manager) V11 R0.22.2 or later.

Customers are advised to upgrade to one of these versions or subsequent releases and take additional precautions after upgrade.

For further information, please contact Mitel Product Support.

Related CVEs / CWEs / Advisories

CVE-2025-23093, CVE-2025-23094

Revision History

Version	Date	Description
1.0	2025-01-22	Initial release

Publisher and Legal Disclaimer

Publisher: Mitel PSIRT / [email protected]

The information provided in this advisory is provided "as is" without warranty of any kind. The information is subject to change without notice. Mitel and its affiliates do not guarantee and accept no legal liability whatsoever arising from or connected to the accuracy, reliability, currency or completeness of the information provided. No part of this document can be reproduced or transmitted in any form or by any means - electronic or mechanical - for any purpose without written permission from Mitel Networks Corporation.

First Name

Last Name

Email Address

Relationship to Mitel

By providing the above information, you agree that we may process your personal data in accordance with our Privacy Policy.

Do you agree to the terms and conditions of using our services?