OVERVIEW
This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 15-0007. Visit http://www.mitel.com/security-advisories for more details.
During installation, MiCC does not harden the Microsoft IIS configuration, which results in two vulnerabilities in CcmWeb. If successfully exploited, an attacker could read files from the server or cause CcmWeb to issue HTTP redirects to an attacker-chosen location.
APPLICABLE PRODUCTS
Product Name | Versions Affected | Solutions Available |
MiContact Center | 7.X and earlier | Yes - See Mitigation/Workaround |
RISK / EXPOSURE
CcmWeb allows read access to any file on the install drive using specially crafted URLs (relative path sequences in a query string).
- CVSS V2.0 OVERALL SCORE: 5
- CVSS V2.0 VECTOR: AV:N/AC:L/Au:N/C:P/I:N/A:N
- CVSS BASE SCORE: 5
- CVSS TEMPORAL SCORE: Not defined
- CVSS ENVIRONMENTAL SCORE: Not defined
- OVERALL RISK LEVEL: Low
CcmWeb open redirect security issue
- CVSS V2.0 OVERALL SCORE: 5
- CVSS V2.0 VECTOR: AV:N/AC:L/Au:N/C:P/I:N/A:N
- CVSS BASE SCORE: 5
- CVSS TEMPORAL SCORE: Not defined
- CVSS ENVIRONMENTAL SCORE: Not defined
- OVERALL RISK LEVEL: Low
MITIGATION / WORKAROUND
Both procedures require that the IIS URL Rewrite module is installed on the MiCC server. For more information, visit http://www.iis.net/downloads/microsoft/url-rewrite
How to block relative paths
The following procedure sets up IIS request filters to block relative paths in query strings in CcmWeb:
- IIS config->Default Web Site->CcmWeb->URL Rewrite
- Add rule->Request blocking.
- Block based on query string.
- Pattern = *..*
How to block redirecturl query strings
The following procedure sets up an IIS request filter to block query strings containing redirecturl in CcmWeb:
- IIS config->Default Web Site->CcmWeb->URL Rewrite
- Add rule->request blocking.
- Block based on query string.
- Pattern = *redirecturl*
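The two IIS Manager procedures above (blocking relative paths, and blocking redirecturl query strings) produce URL Rewrite request-blocking rules in the web.config of the CcmWeb application. The fragment below is an added illustration of the equivalent configuration, not a file shipped by Mitel: the rule names and the 403 response text are arbitrary choices, and it assumes CcmWeb is an IIS application under Default Web Site with its own web.config. The patterns are the two from the bulletin; wildcard conditions in URL Rewrite are case-insensitive by default, so RedirectUrl is caught as well as redirecturl.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Illustrative web.config for the CcmWeb application (example, not Mitel's file).
     Both rules are URL Rewrite "Request blocking" rules that inspect the query
     string and return 403 before the request reaches CcmWeb. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>

        <!-- Rule 1: block relative paths in the query string.
             Wildcard pattern "*..*" matches any query string containing "..",
             e.g. ?file=..\..\web.config -->
        <rule name="CcmWeb block relative paths" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
            <add input="{QUERY_STRING}" pattern="*..*" />
          </conditions>
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden: Access is denied."
                  statusDescription="Relative path sequences are not permitted in the query string." />
        </rule>

        <!-- Rule 2: block redirecturl query strings.
             Wildcard pattern "*redirecturl*" matches any query string containing
             that parameter name, e.g. ?redirecturl=http://attacker.example/ -->
        <rule name="CcmWeb block redirecturl" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
            <add input="{QUERY_STRING}" pattern="*redirecturl*" />
          </conditions>
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden: Access is denied."
                  statusDescription="The redirecturl parameter is not permitted." />
        </rule>

      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

After applying the rules, confirm they are active by requesting a CcmWeb URL with a query string such as ?file=..\..\test and another with ?redirecturl=http://example.com/ and checking that both return HTTP 403, while an ordinary CcmWeb page still loads. Note that both conditions inspect the query string only, and that the second rule also blocks any legitimate CcmWeb request that carries a redirecturl parameter.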
PATCH INFORMATION
No patch has been issued for these issues. They will be corrected in the next major release of MiCC.
APPLIES TO
MiCC Version 7.X
Keywords: 15-0007-001 http redirect security bulletin