Mutare Security Advisory
Advisory ID | MUTARE-2021-004 |
Severity | High |
CVE | CVE-2021-27233 |
Published Date | February 5, 2021 |
Revision Date | February 16, 2021 |
Overview
Password visible to administrator users via web portal.
Affected Products/Versions
Mutare Voice (EVM), 3.0.0-3.3.7
Vulnerability Details
On the admin portal of the Mutare Voice (EVM) web application, password information for external systems is visible in cleartext. Settings.asp page is affected by this issue.
Workarounds
Affected pages are admin-facing and could be removed from user-facing implementations until the system could be patched.
Solution
Upgrading Mutare Voice (EVM) to release 3.3.8 fixes the vulnerability by obfuscating the external password values via the web portal.
References
Acknowledgements
Mutare would like to thank Tesla for reporting this issue and working with Mutare to help protect our customers.