Mitel Product Security Advisory 16-0009
Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000
Advisory ID: 16-0009
Publish Date: 2016-03-18
Authentication bypass vulnerabilities have been identified on the MiVoice Office 250 (formerly Mitel 5000).
The discovered vulnerabilities allow unauthorized access to system functions, including user management. Instances of toll-fraud, resulting from these vulnerabilities have been identified.
Due to the attack vector, other negative side-effects are conceivable.
Mitel is recommending customers with affected product versions to update to an unaffected release and take additional precautions.
The following products have been identified as affected:
|Product Name||Product Versions||Security Bulletin||Last Updated|
|MiVoice Office 250||6.1||16-0009-001||2016-03-18|
Mitel has rated the risk of this vulnerability as High.
Refer to the product Security Bulletin for CVSS scoring and additional statements of risk.
Mitigation / Recommended Action
Customers are advised to update MiVoice Office 250 to an unaffected version of software as soon as possible, and take additional precautions to secure their installation.
Refer to the product Security Bulletin for additional recommendations.
Related CVEs / Advisories