Condorlab

Mitel – Vulnerability in MiVoice 5330e VoIP device


Advisory IDRSN-SIP-1620

Vulnerability Information

The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution

Technical Information

An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution

Solutions

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team Condor-Labs.com is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit www.redshiftnetworks.com

External Resources

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0009
https://www.nccgroup.trust/uk/our-research/technical-advisory-mitel-mivoice-5330e-memory-corruption-flaw/

Common Vulnerabilities and Exposures (CVE)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15497