Alert - Vulnerability in Mitel MiCollab and MiVoice Business Express

Number: AL22-003
Date: 8 March 2022

Audience

This Alert is intended for IT professionals and managers of notified organizations.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Overview

On 22 February 2022, Mitel published a security advisory addressing a security access vulnerability in their MiCollab and MiVoice Business Express products that may allow a remote unauthenticated actor to gain unauthorized access, potentially execute code, or cause these systems to generate traffic for a denial of service (DoS) attack.

Details

On 22 February 2022, Mitel published a security advisory Footnote 1 addressing vulnerabilities in their MiCollab and MiVoice Business Express products. Exploitation of these vulnerabilities may result in unauthorized access to sensitive information and services or arbitrary code execution. By submitting specially crafted messages, a remote actor can also abuse these systems to generate large volumes of network traffic that can be used in a denial of service (DoS) attack.

On 8 March 2022, the Cyber Centre released a security advisory covering these Mitel products, and multiple sources published articles with details regarding this vulnerability and associated observed exploitation activity Footnote 3, Footnote 4, Footnote 5, Footnote 6.

Multiple sources Footnote 4, Footnote 5, Footnote 6 have reported that this vulnerability has been exploited to achieve significant reflection/amplification of traffic, which has been abused to launch impactful distributed denial of service (DDoS) activity. Reports indicate that attacks exploiting this vulnerability have reached 53 million packets per second, and that this activity can be sustained over several hours.

Mitigation

For organizations that have deployed these products, Mitel has recommended the following mitigations to protect these systems from external abuse:

  • Configure the systems behind a firewall or border gateway device to ensure MiCollab/MiVoice are not exposed directly to the internet
  • Apply appropriate firewall rules to block external access to specific ports (UDP 10074)
  • Mitel has made a script available Footnote 2 to provide mitigation for this vulnerability

For defenders of network perimeters, it is recommended to use a layered approach to security by implementing multiple controls and techniques and to ensure that a plan is in place to mitigate and respond to DDoS attacks.

  • Review and implement guidance from the Cyber Centre publication Footnote 7 on protecting your organization against denial of service attacks
  • Monitor for inbound UDP traffic with source port 10074 (the signature of traffic reflected off abused MiCollab/MiVoice systems) and consider applying mitigations such as firewall rules if activity described in this Alert is observed
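The two monitoring points above (external hosts reaching UDP/10074 on your own MiCollab/MiVoice systems, and inbound UDP traffic sourced from port 10074 on many distinct external hosts, which is what a reflection victim sees) can be checked against flow records. The script below is an added example written for this Alert; it is not Cyber Centre or Mitel code. The flow-line format, the internal address ranges, the sample records and the alerting thresholds are all constructed assumptions for illustration, so adapt them to your own NetFlow/IPFIX export and address plan.

```python
"""Flag UDP/10074 abuse patterns described in AL22-003 in flow records.

Added example, not part of the Alert or of Mitel's guidance. The record
format 'PROTO src_ip:src_port > dst_ip:dst_port pkts=N', the address
ranges and the thresholds are assumptions chosen for illustration.
"""
import ipaddress
from collections import defaultdict

MITEL_PORT = 10074  # UDP port named in the Alert

# Assumed internal ranges of the monitored organization (constructed;
# RFC 5737 documentation prefixes stand in for real address space).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/24")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow(line):
    """Parse 'PROTO src_ip:src_port > dst_ip:dst_port pkts=N' into a dict."""
    proto, rest = line.split(maxsplit=1)
    src, rest = rest.split(" > ")
    dst, pkts = rest.rsplit(" pkts=", 1)
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"proto": proto, "src_ip": src_ip, "src_port": int(src_port),
            "dst_ip": dst_ip, "dst_port": int(dst_port), "packets": int(pkts)}


def find_exposed_mitel_access(flows):
    """External sources reaching UDP/10074 on internal hosts: the system is
    reachable from the internet and may be probed or abused as a reflector."""
    hits = []
    for f in flows:
        if (f["proto"] == "UDP" and f["dst_port"] == MITEL_PORT
                and is_internal(f["dst_ip"]) and not is_internal(f["src_ip"])):
            hits.append((f["src_ip"], f["dst_ip"], f["packets"]))
    return hits


def find_reflection_victims(flows, min_reflectors=3, min_packets=1000):
    """Internal targets receiving UDP traffic sourced from port 10074 on many
    distinct external hosts: the pattern of reflected amplification."""
    per_target = defaultdict(lambda: {"reflectors": set(), "packets": 0})
    for f in flows:
        if (f["proto"] == "UDP" and f["src_port"] == MITEL_PORT
                and is_internal(f["dst_ip"]) and not is_internal(f["src_ip"])):
            t = per_target[f["dst_ip"]]
            t["reflectors"].add(f["src_ip"])
            t["packets"] += f["packets"]
    return {ip: (len(v["reflectors"]), v["packets"])
            for ip, v in per_target.items()
            if len(v["reflectors"]) >= min_reflectors
            and v["packets"] >= min_packets}


# Constructed sample flows; 203.0.113.0/24 plays the role of "the internet".
SAMPLE_FLOWS = """\
UDP 203.0.113.7:41234 > 192.0.2.10:10074 pkts=12
UDP 192.0.2.50:10074 > 192.0.2.10:10074 pkts=3
UDP 203.0.113.21:10074 > 198.51.100.5:80 pkts=900
UDP 203.0.113.22:10074 > 198.51.100.5:80 pkts=700
UDP 203.0.113.23:10074 > 198.51.100.5:80 pkts=650
UDP 203.0.113.24:10074 > 198.51.100.5:443 pkts=400
UDP 203.0.113.99:10074 > 198.51.100.9:53 pkts=5
TCP 203.0.113.7:55555 > 192.0.2.10:443 pkts=40
"""


def analyze(text=SAMPLE_FLOWS):
    """Run both checks over a block of flow lines and return the findings."""
    flows = [parse_flow(l) for l in text.splitlines() if l.strip()]
    return {"exposed": find_exposed_mitel_access(flows),
            "victims": find_reflection_victims(flows)}


if __name__ == "__main__":
    result = analyze()
    for src, dst, pkts in result["exposed"]:
        print(f"ALERT exposed MiCollab/MiVoice: {src} -> {dst}:{MITEL_PORT} ({pkts} pkts)")
    for target, (n, pkts) in result["victims"].items():
        print(f"ALERT reflection against {target}: {n} reflectors, {pkts} pkts")
```

Any hit from the first check means the Mitel system is reachable from outside and the firewall rule for UDP 10074 recommended above has not taken effect. The second check deliberately ignores traffic from internal hosts on source port 10074 and single low-volume sources, so legitimate internal use and stray scans do not page anyone; the reflector and packet thresholds are assumptions to be tuned to your baseline.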