A remote code execution vulnerability, CVE-2022-29499, was discovered in the Linux-based Mitel VoIP (Voice over Internet Protocol) application. Once exploited, this vulnerability allows a threat actor to gain root privileges on the system and deploy ransomware. Barracuda MSP recommends staying up to date with all critical patches that Mitel provides.
What is the threat?
A remote code execution vulnerability exists in the Mitel MiVoice appliances SA 100, SA 400 and Virtual SA. Mitel is a popular business phone system and unified communications-as-a-service (UCaaS) provider to organizations of all sizes. Mitel's VoIP technology allows users to make phone calls over an Internet connection instead of regular telephone lines. An attacker who successfully exploits this vulnerability can remotely gain root privileges on the user's or organization's devices. This vulnerability has been categorized as a zero-day, indicating that it was a previously unknown flaw.
Why is it noteworthy?
According to security researchers, there are nearly 21,500 publicly accessible Mitel devices online, the majority of which are in the U.S., followed by the U.K., Canada, France, and Australia. If left unpatched, this remote code execution vulnerability gives attackers access to these devices. When news of a zero-day vulnerability breaks publicly, attackers are likely to accelerate attacks on targets where possible while the window remains open.
What is the exposure or risk?
When exploited, this vulnerability gives an attacker complete and unrestricted access to devices running MiVoice Connect versions 19.2 SP3 and earlier. An attacker who can run remote code can easily install programs; exfiltrate, view, change, or delete data; or create new accounts within the rights of the compromised user. These privileges give the attacker the means to deploy ransomware, impersonate users, and obtain credential information, which can lead to temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses, and potential harm to an organization's reputation.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of an arbitrary code execution attack:
- Tighten defense mechanisms by performing threat modeling and identifying malicious activity.
- Be observant of any new potential unauthorized activity.
- Keep all applications updated to enforce new security measures.
- Continue to stay up to date with our threat advisories for updates.
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.