Mitel VoIP 3100 Information Disclosure Vulnerability via TELNET
Vulnerability
A vulnerability exists in Mitel ICP VoIP 3100 devices, allowing remote users to access sensitive call information through the TELNET interface. When a user attempts to log in and an external call is received, the system inadvertently reveals details about the call, including the service type, extension number, and other related parameters. This issue arises from an access control error and a state error, enabling unauthorized disclosure of call data during the login process.
Impact
Exploitation of this vulnerability allows for unauthorized access to call data, including phone numbers and call details, such as duration and service type, from the affected VoIP system.
Reproduction
To reproduce this vulnerability, connect to the device's TELNET port. When the login prompt appears, enter an invalid username and password. If an incoming call arrives while the session is waiting for the login response, the device discloses the call information in that session: it displays SMDR (Station Message Detail Recording) records, including the extension number, service type, and other call-related data. This vulnerability can only be exploited from the local network.
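A defensive check for the behaviour described above, as an added example (not code from the advisory or from Mitel): given the server-to-client bytes of a captured TELNET session that never authenticated, it strips TELNET option negotiation and reports any line that is not a login prompt or rejection. The prompt patterns and both sample captures are assumptions constructed for illustration, not the device's real output.

```python
import re

IAC, SB, SE = 255, 250, 240  # TELNET command bytes (RFC 854)

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Drop IAC command sequences so only displayable text remains."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                          # truncated IAC at end of capture
        elif data[i + 1] == IAC:           # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif data[i + 1] == SB:            # subnegotiation runs to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end == -1 else end + 2
        elif 251 <= data[i + 1] <= 254:    # WILL/WONT/DO/DONT + option byte
            i += 3
        else:
            i += 2                         # other two-byte command
    return bytes(out)

# Assumption: the only lines a device should send before authentication.
EXPECTED_PREAUTH = re.compile(
    r"^(login|username|password)\s*:|^login (incorrect|failed)|^invalid", re.I)

def unexpected_preauth_lines(server_bytes: bytes) -> list:
    """Return lines sent to an unauthenticated session that are not prompts."""
    text = strip_telnet_negotiation(server_bytes).decode("latin-1")
    findings = []
    for line in re.split(r"[\r\n]+", text):
        line = line.replace("\x00", "").strip()
        if line and not EXPECTED_PREAUTH.search(line):
            findings.append(line)
    return findings

# Constructed captures (placeholder record text, not real SMDR output).
CLEAN_CAPTURE = (b"\xff\xfb\x01\xff\xfb\x03\r\nUsername: admin\r\n"
                 b"Password: \r\nInvalid login\r\n")
LEAKY_CAPTURE = (b"\xff\xfb\x01\xff\xfb\x03\r\nUsername: admin\r\n"
                 b"Password: \r\nSMDR-SAMPLE ext=0000 svc=PLACEHOLDER\r\n"
                 b"Invalid login\r\n")

if __name__ == "__main__":
    for name, cap in (("clean", CLEAN_CAPTURE), ("leaky", LEAKY_CAPTURE)):
        print(name, unexpected_preauth_lines(cap))
```

Any non-empty result on a session that never logged in means the device wrote data to an unauthenticated TELNET client; adjust `EXPECTED_PREAUTH` to the banner and prompts your own device actually sends.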
Remediation
Mitel has acknowledged this vulnerability and is working on a fix for an upcoming release. Users should contact Mitel's security team for further information.
