Last updated on July 28th, 2022 at 12:27 am
Threat actors have been found exploiting a 0-day vulnerability in Linux-based Mitel MiVoice VoIP devices to execute code on vulnerable systems. Critical organizations in various industries rely on Mitel VoIP devices for their telephony needs.
The 0-day RCE vulnerability, tracked as CVE-2022-29499, is used by threat actors to gain access to the network, and successful initial access has been observed as the beginning of larger ransomware attacks.
The vulnerability affects the Service Appliance component in Mitel MiVoice Connect and exists due to incorrect data validation. The following MiVoice Connect devices use the Service Appliance component and are affected by the vulnerability:
- SA 100
- SA 400
- Virtual SA
There is no official update yet that fixes the vulnerability. However, on April 19, 2022, Mitel released a hotfix script for the following affected versions:
- MiVoice Connect versions 19.2 SP3 and earlier
- R14.x versions
The vulnerability has been exploited in at least one ransomware campaign. It is therefore recommended to regularly monitor for updates that fix the vulnerability and to implement the mitigation measures immediately. It is also important to use comprehensive security solutions against potential ransomware attacks.