Mitel Product Security Advisory 16-0018
MiCollab Client Web Portal Call Service Vulnerability
Advisory ID: 16-0018
Publish Date: 2016-11-04
A vulnerability in the MiCollab Client Web Portal service has been identified, allowing authenticated users to place calls using a different user’s account.
Credit is given to Michiel Singor for the discovery
This vulnerability makes it possible to place calls from a variable source to a variable destination without validating the source of the POST
Using the REST interface, a user can use the authorization header using tool such as curl. Using the SOAP interface, tool such as SOAP UI can be used to be used to exploit it with user/password.
The following products were identified as affected:
|Product Name||Product Versions||Security Bulletin||Last Updated|
|MiCollab||6.0 SP1 and earlier||n/a||2016-11-04|
This vulnerability has been assessed as having a CVSS v2 Base Score of 4.9 with low risk. An attacker would need access to a valid account to misuse any privileged features, including the ability to conduct Toll-Fraud.
|CVSS v2.0 OVERALL SCORE:||4.9|
|CVSS v2.0 VECTOR:||AV:N/AC:M/Au:S/C:P/I:P/A:N|
|CVSS BASE SCORE:||4.9|
|CVSS TEMPORAL SCORE:||not provided|
|CVSS ENVIRONMENTAL SCORE:||not provided|
|OVERALL RISK LEVEL:||Low|
Mitigation / Recommended Action
This issue has been corrected in vMAS 22.214.171.124 and vUCA 126.96.36.199. Administrators of older product versions should ensure that only trusted users are granted permissions to use affected versions of the MiCollab applications.
Related CVEs / CWEs / Advisories