Mitel Releases Security Update for Mitel MiCollab

Mitel has released a security update to address the Log4Shell vulnerability in their Mitel MiCollab product.

Threat ID:: CC-3997
Threat Severity:: Information only
Published:: 23 December 2021 1:13 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Mitel has released a security update to address the Log4Shell vulnerability in their Mitel MiCollab product.

Affected platforms

The following platforms are known to be affected:

Versions: 7.1 to 9.4

Mitel MiCollab

Threat details

Introduction

Mitel has released a security update to address the Log4Shell vulnerabilities in their Mitel MiCollab digital collaboration software. They claim that an unauthenticated remote attacker could exploit these vulnerabilities to take control of affected systems.

Remediation advice

Affected organisations are encouraged to review the Mitel Product Security Advisory 21-0010 and apply any relevant updates.

Definitive source of threat updates

https://digital.nhs.uk/cyber-alerts/2021/cc-3989

CVE Vulnerabilities

Status Published

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Last edited: 23 December 2021 2:45 pm