Mitel Product Security Advisory 17-0008
OpenSSL Vulnerabilities in MiCollab Desktop Applications
Advisory ID: 17-0008
Publish Date: 2017-06-05
Vulnerabilities related to older versions of OpenSSL have been identified in certain MiCollab applications for use on the Microsoft Windows platform.
MiCollab Desktop client, MiVoice for Lync and MiVoice for Skype for Business SIP softphone use a third-party OpenSSL library to provide cryptographic services for secured communications. Security scans may report that the SIP services of these products are vulnerable to OpenSSL vulnerabilities, including Heartbleed (CVE-2014-0160) and SWEET32 (CVE-2016-2183).
Security Bulletins are being issued for the following products:
| Product Name | Product Versions | Security Bulletin | Last Updated |
| MiCollab Desktop client | MiCollab 6.0 | 17-0008-001 | 2017-06-05 |
| MiCollab Desktop client | MiCollab 7.0, 7.1, 7.2, 7.3, 188.8.131.52 | | |
| MiVoice for Lync | 184.108.40.206 | | |
| MiVoice for Skype for Business | 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199 | | |
The risk associated with these vulnerabilities in the noted products is considered low-to-moderate.
Refer to product Security Bulletins for additional statements regarding risk.
Mitigation / Recommended Action
Mitel has issued new releases of the affected software applications. Customers are advised to update their software to the latest versions.
Refer to the Security Bulletin for more information.
Related CVEs / CWEs / Advisories