Mitel security advisory (AV26-524)
Analysis Summary
# Vulnerability: Linux Kernel Local Privilege Escalation ("Dirty Frag") in Mitel Products
## CVE Details
- **CVE ID:** CVE-2026-43284, CVE-2026-43500
- **CVSS Score:** Not explicitly listed in advisory (Typically High/Critical for Kernel LPE)
- **CWE:** CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) / CWE-264 (Permissions, Privileges, and Access Controls)
## Affected Systems
- **Products:**
  - Mitel Standard Linux
  - MiVoice (5000, Border Gateway, Business, Business Solution Virtual Instance, MX-ONE)
  - OpenScape (4000, Branch, SBC, Voice Server, Contact Media Service, Xpert Clients)
  - MiCollab
  - MiCloud Management Portal
  - Mitel Open Integration Gateway
  - Mitel Performance Analytics (MPA)
  - Mitel SIP DECT
- **Versions:**
  - Mitel Standard Linux: 12.x and prior
  - MiVoice Business: 10.1.x to 10.5.x
  - MiVoice MX-ONE: 7.3 to 7.8 and 8.x and prior
  - OpenScape 4000: V10 R1.x, V11 R0.22, V11 R1.26 and prior
  - Mitel SIP DECT: 9.1, 9.2, 10.0, 10.1 and prior
  - *Note: For most listed products, the affected range is "X version and prior" as of May 2026.*
- **Configurations:** Systems running the affected Linux Kernel versions providing the underlying OS for Mitel applications.
## Vulnerability Description
These vulnerabilities, dubbed **"Dirty Frag,"** reside in the Linux Kernel's handling of IP fragmentation. Specifically, they involve a flaw in how the kernel reassembles fragmented packets in memory. A local attacker can exploit this memory corruption to bypass security restrictions and elevate their privileges from a standard user to "root" (superuser).
## Exploitation
- **Status:** Not explicitly stated as exploited in the wild in the CCCS brief; however, local privilege escalation vulnerabilities of this type often see rapid PoC development.
- **Complexity:** Medium
- **Attack Vector:** Local (Requires initial access to the system to execute the exploit code).
## Impact
- **Confidentiality:** High (Full access to system data)
- **Integrity:** High (Ability to modify system files and binaries)
- **Availability:** High (Ability to crash the system or disrupt services)
## Remediation
### Patches
Mitel has released updates for the affected product suites. Users are advised to upgrade to the latest versions released after May 28, 2026. For the specific firmware/software build numbers for each product line, check the official Mitel Security Advisory portal.
### Workarounds
- **Strict Access Control:** Limit SSH and local console access to trusted administrators only to prevent local execution of exploit code.
- **System Hardening:** Implement restrictive "least privilege" policies for any service accounts running on the Mitel infrastructure.
## Detection
- **Indicators of Compromise:** Unusual privilege escalation events in system logs (e.g., `sudo` or `su` attempts from unexpected service accounts).
- **Detection methods and tools:**
  - Use Vulnerability Scanners (Nessus, OpenVAS) to identify unpatched Linux kernels.
  - Monitor for unexpected kernel panics or memory exhaustion events that may indicate failed exploitation attempts.
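The log indicator above (`sudo` or `su` attempts from unexpected service accounts) can be checked with a small parser over the authentication log. This is an added example, not part of the Mitel or CCCS advisory; the allowlist, the log layouts, the hostname and the account names are assumptions and must be adapted to the actual system.

```python
import re

# Assumption: accounts expected to use sudo/su on this host (site-specific).
ADMIN_ALLOWLIST = {"root", "admin"}

# Assumed log layouts (sudo's own record and pam_unix records for su);
# exact formats vary by distribution and PAM configuration.
PATTERNS = [
    ("sudo", re.compile(
        r"\bsudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*\bUSER=(?P<target>\S+)")),
    ("su", re.compile(
        r"\bsu(?:\[\d+\])?: pam_unix\(su(?:-l)?:session\): session opened for "
        r"user (?P<target>[^\s(]+)(?:\(uid=\d+\))? by (?P<user>[^\s(]+)\(uid=\d+\)")),
    ("su", re.compile(
        r"\bsu(?:\[\d+\])?: pam_unix\(su(?:-l)?:auth\): authentication failure;"
        r".*\bruser=(?P<user>\S+) rhost=\S*\s+user=(?P<target>\S+)")),
]
DENIED_MARKERS = ("NOT in sudoers", "incorrect password", "authentication failure")

def find_unexpected_escalations(lines, allowlist=ADMIN_ALLOWLIST):
    """Return sudo/su events whose invoking account is not on the allowlist."""
    findings = []
    for line in lines:
        for tool, rx in PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            if m.group("user") not in allowlist:
                denied = any(k in line for k in DENIED_MARKERS)
                findings.append({"tool": tool, "user": m.group("user"),
                                 "target": m.group("target"),
                                 "outcome": "denied" if denied else "allowed"})
            break  # a line matches at most one record type
    return findings

# Constructed sample lines (hostname and account names are made up).
SAMPLE_LOG = [
    "May 29 10:11:47 mivb01 sudo:    admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/systemctl status sshd",
    "May 29 10:12:01 mivb01 sudo: svc-voip : user NOT in sudoers ; TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh",
    "May 29 10:14:30 mivb01 su[2211]: pam_unix(su:session): session opened for user root(uid=0) by svc-backup(uid=998)",
    "May 29 10:15:02 mivb01 su[2230]: pam_unix(su:auth): authentication failure; logname=svc-voip uid=997 euid=0 tty=/dev/pts/1 ruser=svc-voip rhost=  user=root",
    "May 29 10:16:10 mivb01 sshd[2301]: Accepted publickey for admin from 192.0.2.10 port 50522 ssh2",
]

if __name__ == "__main__":
    for finding in find_unexpected_escalations(SAMPLE_LOG):
        print(finding)
```
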
## References
- Mitel Product Security Advisory MISA-2026-0004: [hxxps://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2026-0004]
- Mitel Security Bulletins: [hxxps://www.mitel.com/support/security-advisories]
- CCCS Advisory AV26-524: [hxxps://www.cyber.gc.ca/en/alerts-advisories/mitel-security-advisory-av26-524]