Mitel 3300 Integrated Communications Platform Web Interface Authentication Bypass Vulnerability

Bugtraq ID:	12682
Class:	Design Error
CVE:	CVE-2004-0944
Remote:	Yes
Local:	No
Published:	Feb 28 2005 12:00AM
Updated:	Jul 12 2009 10:56AM
Credit:	Corsaire Limited is responsible for disclosure of this issue.
Vulnerable:	Mitel 3300 Integrated Communication Platform
Not Vulnerable:

Mitel 3300 Integrated Communications Platform Web Interface Authentication Bypass Vulnerability

A remote authentication bypass vulnerability affects the Web interface of Mitel 3300 Integrated Communications Platform. This issue is due to a design error in the session IDs produced to manage authenticated users.

This issue will allow an attacker to gain authenticated access to the Web interface of an affected device, facilitating further attacks.

Mitel 3300 Integrated Communications Platform Web Interface Authentication Bypass Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Mitel 3300 Integrated Communications Platform Web Interface Authentication Bypass Vulnerability

Solution:
Mitel has released 3300 ICP Release 5.2 to address this issue. This software is available for registered customers at the following location:
www.mitel.com

Mitel 3300 Integrated Communications Platform Web Interface Authentication Bypass Vulnerability

References:

• Mitel 3300 Integrated Communications Platform Product Page (Mitel)
  
• MITEL SECURITY ADVISORY MNSA-2005-001 (Mitel Networks)
  
• NISCC Vulnerability Advisory 723548/NISCC/CORSAIRE/MITEL (NISCC)