Mitel Vulnerability Advisory | June 2022

Threat actors are actively exploiting a vulnerability in a Mitel VoIP (Voice over Internet Protocol) appliance. Here's what you need to know.

Background

On April 19, 2022, Mitel issued a security advisory for a critical vulnerability, CVE-2022-29499, found in their Mitel Service Appliance component of MiVoice Connect. Mitel is a telecommunications company that provides business phone systems and unified communications as a service (UCaaS) to businesses. This vulnerability allows a threat actor to remotely execute code on vulnerable devices.

Quick facts: what you need to know

  • Vulnerable Mitel Service Appliances include SA 100, SA 400, and Virtual SA.
  • CrowdStrike reported that the vulnerability is being actively exploited by ransomware operators.
  • The vulnerability allows remote code execution, which would let an attacker gain control of the device.

Next Steps for Mitel VoIP Customers

  1. Mitel provided scripts for remediation. Customers will need to:
    1. Review the product Security Bulletin ID: 22-0002-001.
    2. Log in to your MiAccess account to access instructions and resources for mitigation. Contact Mitel Product Support if you are unable to access the resources below.
      1. Mitel Knowledge Base article for Partners 
      2. Mitel Knowledge Base article for Enterprise customers 

If you have any questions, please reach out to the Risk + Response Team at services@corvusinsurance.com!