A known remote code execution vulnerability, CVE-2022-29499, was discovered with the Linux-based Mitel VoIP (Voice over Internet Protocol) application. This vulnerability allows a threat actor to gain root privileges to the system and plant ransomware.
What is the threat?
A remote code execution vulnerability exists in the Mitel MiVoice appliances SA 100, SA 400 and Virtual SA. Mitel is a popular business phone system and unified communication-as-a-service (UCaaS) provider to organizations of all sizes. Mitel’s VoIP technology allow users to make phone calls using Internet connection instead of regular telephone lines. An attacker who successfully executes this remote code can gain root privileges on the user or organizations devices remotely. This vulnerability has been categorized as a zero-day indicating that it was an unknown flaw
Why is it noteworthy?
According to security researchers, there are nearly 21,500 publicly accessible Mitel devices online, where majority are in the U.S., followed by the U.K., Canada, France, and Australia. This remote code execution vulnerability gives hackers access to vulnerable devices if unpatched. When news of a zero-day vulnerability breaks publicly, attackers are likely to accelerate attacks on targets where possible, while the window remains open.
What is the exposure or risk?
When exploited this vulnerability allows an attacker to have complete and unrestricted access to the devices running MiVoice Connect versions 19.2 SP3 and earlier. If an attacker can run remote code, they can easily install programs, exfiltrate, view, change, delete data, or create new accounts in the context allowed by the user’s rights. These privileges give the attacker the tools to conduct a ransomware event, impersonation, and obtain credential information that can lead to temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses, and potential harm to an organization’s reputation.
To help with any issues, contact us at Access Tech for a complimentary call to assess your needs and security risks. We have been helping customers for over 12 years to connect their business strategy with IT solutions.