SMB1 Remote Code Execution

Advisory ID: 17-0009
Publish Date: 2017-06-05
Revision: 1.0

Summary

Vulnerabilities exist in the Microsoft Windows operating system used on the CPU2 and CPU2-S Application Cards (available for the MiVoice Office 400).

These vulnerabilities allow a remote attacker to execute arbitrary code on the system.

Detailed Description

Multiple vulnerabilities were identified in the Microsoft Windows implementation of the Microsoft Server Message Block 1.0 (SMBv1) server.

As per a Security Bulletin issued by Microsoft,

“An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.

“To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.”

Affected Products

Security Bulletins are being issued for the following products:

Product Name Product Versions Security Bulletin Last Updated 
 CPU2 v1.8.7.x and earlier   17-0009-001
2017-06-05
CPU2-S v4.1.3.x and earlier  

 

Risk Assessment
This vulnerability is high risk and has been assigned a CVSS v2 Base Score of 9.0.

Successfully exploiting this vulnerability will allow a threat actor to perform a limited denial of service, gain access to a user’s MiCollab Client account and all resources authorized for that user, including Voice Mail, Call History and directory information.

Refer to product Security Bulletins for additional statements regarding risk.

Mitigation / Recommended Action

Mitigation's are documented in the associated Security Bulletin. Customers are advised to patch or update their installations of MiCollab where Active Directory is used.

Refer to the associated Security Bulletin for solution information.

External References
n/a

Related CVEs / CWEs / Advisories

CWE-306
CWE-862


Prêt à discuter ? Contactez-nous.