Advisory ID: 16-0016
Publish Date: 2016-11-04
Revision: 1.0
Summary
A vulnerability in the 64-bit version of the MiCollab Desktop Client Web Portal service allows bypass of the host’s Windows firewall.
Detailed Description
MiCollab Desktop Client interfaces with Microsoft Outlook for calendar and contacts information. The Desktop Client uses this information to manage statuses based on calendar information and to use local Outlook contacts in the contact directory.
The MiCollab Desktop Client creates a Windows Firewall policy to allow interaction between itself and Microsoft Outlook. On 64-bit machines, this policy inadvertently opens a vulnerability whereby programs and services can bypass firewall policies.
Affected Products
The following products were identified as affected:
Product Name | Product Versions | Security Bulletin | Last Updated |
MiCollab DT Client (64-bit version) | v7.x, v6.x | 16-0016-001 | 2016-11-04 |
Risk Assessment
This vulnerability has been assessed as having a CVSS v2 Base Score of 6.0 with moderate risk. An attacker would have to have access to the system or network to realize any potential benefit from the exploitation of this vulnerability.
Mitigation / Recommended Action
There is no specific mitigation for the vulnerability. Customers are advised to apply updates available for affected versions of the software. Refer to the Security Bulletin for more information.
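The advisory does not publish the name or scope of the firewall policy the client creates, so the following is an added audit example (not Mitel's code) for reviewing a host before and after updating. It assumes the rule of concern is an enabled allow rule that is not restricted to a program, service or port; the function name Get-BroadAllowRule is hypothetical, and the output needs manual review.

```powershell
# Added example: list enabled Windows Firewall allow rules that are not
# restricted to any program, service or port. Nothing here is keyed to a
# Mitel rule name, because the advisory does not give one (assumption:
# the problem rule is an unscoped allow rule).
# Requires the built-in NetSecurity module (Windows 8 / Server 2012 or later).
function Get-BroadAllowRule {
    Get-NetFirewallRule -Enabled True -Action Allow | ForEach-Object {
        $rule = $_
        $app  = $rule | Get-NetFirewallApplicationFilter
        $svc  = $rule | Get-NetFirewallServiceFilter
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter

        # 'Any' is the value these cmdlets report when a filter is not set.
        $anyProgram = $app.Program -eq 'Any'
        $anyService = $svc.Service -eq 'Any'
        $anyPort    = (@($port.LocalPort)  -contains 'Any') -and
                      (@($port.RemotePort) -contains 'Any')

        if ($anyProgram -and $anyService -and $anyPort) {
            [pscustomobject]@{
                DisplayName   = $rule.DisplayName
                Direction     = $rule.Direction
                Profile       = $rule.Profile
                Protocol      = $port.Protocol
                RemoteAddress = @($addr.RemoteAddress) -join ','
                Group         = $rule.DisplayGroup
            }
        }
    }
}

# Inbound rules first, since they expose the host to the network.
Get-BroadAllowRule |
    Sort-Object Direction, DisplayName |
    Format-Table -AutoSize -Wrap
```

Saving the output before applying the update and comparing it with a run afterwards shows whether any unscoped allow rule on the host has changed.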
External References
http://cwe.mitre.org/data/definitions/264.html
Related CVEs / CWEs / Advisories
CWE-264