Mitel Product Security Advisory 22-0005

MiVoice Business, MiVoice Business Express Buffer Overflow Vulnerability

Advisory ID: 22-0005

Publish Date: 2022-06-08

Last Updated: 2022-06-08

Revision: 1.0

Summary

A buffer overflow vulnerability has been identified in the management interface of MiVoice Business and MiVoice Business Express which could allow arbitrary code execution.

This vulnerability was privately reported to Mitel.

Mitel is recommending customers with affected product versions apply the available remediation.

Credit is given to Exodus Intelligence (exodusintel.com) for highlighting the issue and bringing to our attention.

Affected Products

Product Name

Product Version

Security Bulletin

Last Updated

MiVoice Business

9.3.0.27 and earlier

22-0005-001

2022-06-08

MiVoice Business Express

8.1.2.801 and earlier

22-0005-001

2022-06-08

Risk Assessment

The risk of this vulnerability is rated as Critical for systems deployed with external access to the management interface. The risk is rated as High for systems where access to the management interface is restricted to protected networks.

Refer to the product Security Bulletin for additional statements regarding risk.

Mitigation / Recommended Action

The risk may be mitigated by restricting network access to the management interface to only trusted sources.

Mitel has issued a new release of MiVoice Business as well as scripts for remediation. Customers are advised to apply the available remediation.

Customers are advised to review the product Security Bulletin ID: 22-0005-001. For additional information, contact Product Support.

Related CVEs / CWEs / Advisories

CVE-2022-31784

Revision History

Version	Date	Description
1.0	2022-06-08	Initial Version

First Name

Last Name

Email Address

Relationship to Mitel

By providing the above information, you agree that we may process your personal data in accordance with our Privacy Policy.

Do you agree to the terms and conditions of using our services?