ShoreTel Connect: SQL Injection Vulnerability

Version(s) Affected:

This issue affects all Connect builds from 21.70.2173.0 to 21.79.4313.0 but does not affect any ShoreTel 14.2 or earlier builds.

Problem Details:

ShoreTel have released a product bulletin (PB 16054) detailing a SQL injection vulnerability in ShoreTel Connect builds 21.79.4313.0 or earlier that have a deployment of ShoreTel Conferencing. If a system is left on one of these earlier builds and the weakness is exploited, its configuration database is at risk of being exposed and subject to malicious changes.

 

Solution:

Upgrade to the latest build of Connect 21.79.4315.0 or later.


ShoreTel Connect


Over the last couple of days, ShoreTel have been releasing more details on their latest offering – ShoreTel Connect. They have launched the below “A Day In The Life” video to show off exactly how brilliantly simple Connect is:

In addition to this short “A Day In The Life” video, you can click on the ShoreTel Connect logo above or below to find out more details such as:

  • Overviews
  • Quick Views
  • Service and Product Plans
  • Contact Center
  • Mobility
  • ShoreTel Services
  • System Management
  • Hardware
  • Applications
  • Selling Guides
  • Competitive Information


ShoreTel: ShoreGear T1 and BRI Switch Failure after Upgrade

Affected Version(s):

ShoreTel 14.2 build 19.45.8701.0

Problem Details:

ShoreTel ShoreGear T1 and BRI switches using CAS or BRI trunk types have experienced switch failures after upgrading to ShoreTel 14.2 build 19.45.8701.0. Customers who have upgraded to this build might have noticed the following issues:

• Inbound calls do not work, but outbound calls do work
• ShoreGear T1 and BRI switches that host CAS or BRI trunks might crash and reboot every 5 minutes

Cause:

Upgrading to ShoreTel 14.2 build 19.45.8701.0.

Solution:

The current solution is to download the patch provided on ShoreTel’s website: http://bit.ly/1WCN2Wc

You should only apply this patch to the switches that are running build 19.45.8701.0 and have experienced this issue. Detailed instructions for applying the patch are provided as part of the download file.

ShoreTel: Unable to launch Director on UC Server 25

Affected Version(s):

All versions running on the new UC Server 25.

Problem Details:

ShoreTel Director doesn’t launch after installation on the new UC Server 25.

Cause:

The new UC Server 25 is currently shipping with the Microsoft SQL 2012 application installed, which causes conflicts on ports used by the ShoreTel MySQL configuration database. This means that you are able to install the ShoreTel Application, but ShoreTel Director will not launch. When launching Internet Explorer, you will see a Windows security box asking for a username and password, but you will be unable to get into the ShoreTel Director home page. This is verified by the Windows Application Event logs and the IIS error Event ID 1007, which states that the ports needed to launch the ShoreTel Director webpage are not available.

Solution:

The current workaround for this is to carry out the following steps:

• Uninstall the ShoreTel Application (if it has already been installed)
• Uninstall the SQL 2012 Application
• Remove all Roles and Services
• Delete the inetpub folder (located in C:\Program Files)
• Reboot the Server when required
• Add the required ShoreTel Roles and Services outlined in the Installation Guide
• Reboot the Server
• Install the ShoreTel Application

NOTE: DHCP may be running by default. If it is, be sure to disable it.

ShoreTel: Adjust Handset Network/System Settings On 400 Series Handsets

Introduction

This How-To covers adjusting the handset network/system settings on the ShoreTel 400 series handsets (420/480/480g/485g).

Steps:

1: Open Config File

Browse to the following location on your ShoreTel Director Server:

C:\inetpub\ftproot\phoneconfig

From here, there should be the following config files:

custom.txt (global changes to all 400 series handsets)
custom_IP420.txt (changes to all 420 handsets)
custom_IP480.txt (changes to all 480 handsets)
custom_IP480g.txt (changes to all 480g handsets)
custom_IP485g.txt (changes to all 485g handsets)
custom_MAC.txt (changes to specific handsets based on the MAC address of the handset)

Note: Which file you edit depends on whether you want to make a global change, a change to a specific type of handset, or a change for a single user.

2: Choose The Parameters To Modify

You can modify the below network/system settings in this config file:

Enable 802.1x Network (Default: On. Can be either On or Off)

DNS Address (Default: None. Must be a comma-separated list of IP addresses)

NTP Server Address (Default: None. Must be a comma-separated list of IP addresses)

LLDP-MED Network Policy Caching (Default: On. Can be either On or Off)

PC Port Enabled (Default: True. Can be either True or False)

Diagnostic Servers (Default: None. Must be a comma-separated list of IP addresses)

Speakerphone Enabled (Default: On. Can be either On or Off)

HTTP Resources – for custom ringtones and wallpaper files (Default: <Headquarters server>/fileserver. Must be either an IP address or full URL path for a dedicated server. Typically, /fileserver points to the installation directory for the phone configuration files. By default this is C:\inetpub\ftproot\.)

Override Config Servers – overrides the configuration server specified in DHCP option tag 156 (Default: None. Must be a comma-separated list of IP addresses)

Remote Syslogger – address of the server running the syslog server application (Default: None. Must be formatted as follows: <IP_address or DNS_name>:port:number;protocol whereby the protocol is either tcp or udp. Protocol and port number are optional. If none are set, it will use port 514 as the port and udp as the protocol)

Headset Type (Default: wired. Can be either wired or wireless)

Time Zone (Default: Pacific Standard Time. Other Values: must be specified in plain text)

Please see the below parameters that need to be entered in the config file:

[net]
dot1XEnable
dnsAddress
ntpServerAddress
policyCache
ethernetLink2

[system]
diagnosticServers
enableSpeakerPhone
httpResources
overrideConfigServers
remoteSyslogger

[user]
headsetType
timezone

3: Modify Config File

Add in the relevant parameters to the config file in the following format:

[group]
parameter=value

For example, if you wanted to disable the PC port and speakerphone, you would enter the following:

[net]
ethernetLink2=false

[system]
enableSpeakerPhone=off

4: Save Config File

If you are creating this config file for a single extension, save the file as a new file and name it as follows:

custom_MAC.txt (where MAC is the MAC Address of the handset in question e.g. custom_00104928630b.txt)

Otherwise, just overwrite the existing config file as per the file names in step 1.

5: Reboot The Handset

Once the config file has been saved, reboot the handset and it should pull down the new config file.

Conclusion

After the phone has pulled down the new config file, check to see whether the changes have taken effect. If further adjustments are needed, modify the config file where necessary.
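One way to check a custom*.txt file before saving it, as an added example (not ShoreTel tooling and not part of the original How-To): it validates parameter names and values against the lists in step 2 and marks for review any line that turns 802.1x off or changes where the phone fetches config and sends logs. The `lint` function, the review list, case-insensitive value matching and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Groups, parameters and allowed values as listed in step 2 of the How-To.
KNOWN = {
    "net": {"dot1XEnable", "dnsAddress", "ntpServerAddress", "policyCache", "ethernetLink2"},
    "system": {"diagnosticServers", "enableSpeakerPhone", "httpResources",
               "overrideConfigServers", "remoteSyslogger"},
    "user": {"headsetType", "timezone"},
}
ENUMS = {  # values are compared case-insensitively (assumption)
    "dot1XEnable": {"on", "off"}, "policyCache": {"on", "off"}, "enableSpeakerPhone": {"on", "off"},
    "ethernetLink2": {"true", "false"}, "headsetType": {"wired", "wireless"}}
IP_LISTS = {"dnsAddress", "ntpServerAddress", "diagnosticServers", "overrideConfigServers"}
# Assumption (reviewer's choice): settings that redirect config, resources or logs.
REVIEW = {"overrideConfigServers", "remoteSyslogger", "httpResources"}

def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def lint(text):
    """Return (line_no, level, message) findings for a custom*.txt body."""
    findings, group = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("["):
            group = line.strip("[] ")
        if not line or line.startswith("["):
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or group is None:
            findings.append((n, "error", "expected parameter=value under a [group]"))
        elif group in KNOWN and key not in KNOWN[group]:
            findings.append((n, "error", f"{key} is not a listed [{group}] parameter"))
        elif group in KNOWN:  # groups from other How-Tos are not checked here
            bad = [value] if key in ENUMS and value.lower() not in ENUMS[key] else []
            if key in IP_LISTS:
                bad = [v for v in map(str.strip, value.split(",")) if not _is_ip(v)]
            findings += [(n, "error", f"{key}: {v!r} is not an allowed value") for v in bad]
            if key in REVIEW or (key, value.lower()) == ("dot1XEnable", "off"):
                findings.append((n, "review", f"{key}={value} changes a network trust setting"))
    return findings

# Constructed sample input: a misspelt parameter, 802.1x off, an invalid address.
SAMPLE = ("[net]\nethernerLink2=false\ndot1XEnable=Off\ndnsAddress=10.0.0.5, 10.0.0.6\n"
          "\n[system]\nenableSpeakerPhone=off\noverrideConfigServers=10.0.0.300\n")
```

Running `lint` over the body of custom.txt matters most, since that file applies to every 400 series handset.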

ShoreTel: Adjust Handset Display/Power Settings On 400 Series Handsets

Introduction

This How-To covers adjusting the handset display/power settings on the ShoreTel 400 series handsets (420/480/480g/485g).

Steps:

1: Open Config File

Browse to the following location on your ShoreTel Director Server:

C:\inetpub\ftproot\phoneconfig

From here, there should be the following config files:

custom.txt (global changes to all 400 series handsets)
custom_IP420.txt (changes to all 420 handsets)
custom_IP480.txt (changes to all 480 handsets)
custom_IP480g.txt (changes to all 480g handsets)
custom_IP485g.txt (changes to all 485g handsets)
custom_MAC.txt (changes to specific handsets based on the MAC address of the handset)

Note: Which file you edit depends on whether you want to make a global change, a change to a specific type of handset, or a change for a single user.

2: Choose The Parameters To Modify

You can modify the below display settings in this config file:

Idle Brightness – Intensity of the phone backlight when the phone is in the idle state (Default: 5. Other Values: between 1 and 100)

Idle Timeout – The number of minutes without phone activity before the phone transitions to the idle state (Default: 5. A value of 0 means the phone will never go into the idle state)

Sleep Timeout – The number of minutes without phone activity before the phone transitions to the sleep state (Default: 60. A value of 0 means the phone will never go into the sleep state)

Reduce Ethernet Power (Sleep Mode) – Determines whether or not the phone reduces Ethernet power when the phone is in a sleep state (Default: On. If Off is selected, Ethernet power is not reduced)

Suspend USB Devices (Sleep Mode) – Determines whether or not the phone supplies power to USB devices in the USB port of an IP485g when the phone is in a sleep state (Default: On. If Off is selected, USB devices are still powered when the phone is in a sleep state)

Sleep Inhibit Start Time – The time of day a phone display goes from the sleep state to an idle state. (Default: 06:00. Must be configured in a 24 hour clock format: HH:MM)

Sleep Inhibit Stop Time – The time of day a phone display transitions to the sleep state (Default: 19:00. Must be configured in a 24 hour clock format: HH:MM)

Sleep Inhibit Days – The days of the week when Sleep Inhibit Start/Stop are in effect (Default: Mon,Tue,Wed,Thu,Fri. Other Values: none, all)

Display Maximum Brightness – The maximum intensity of the phone backlight when the phone is not in an idle or sleep state (Default: 100. Other Values: between 1 and 100)

Please see the below parameters that need to be entered in the config file:

[power]
idleBrightness
idleTimeout
sleepTimeout
sleepEthernetLowPower
sleepUsbSuspend
sleepInhibitStartTime
sleepInhibitStopTime
sleepInhibitDays

[syscontrol]
displayBrightnessMax

3: Modify Config File

Add in the relevant parameters to the config file in the following format:

[group]
parameter=value

For example, if you wanted to change the idle brightness and the max brightness, you would enter the following:

[power]
idleBrightness=20

[syscontrol]
displayBrightnessMax=90

4: Save Config File

If you are creating this config file for a single extension, save the file as a new file and name it as follows:

custom_MAC.txt (where MAC is the MAC Address of the handset in question e.g. custom_00104928630b.txt)

Otherwise, just overwrite the existing config file as per the file names in step 1.

5: Reboot The Handset

Once the config file has been saved, reboot the handset and it should pull down the new config file.

Conclusion

After the phone has pulled down the new config file, check to see whether the changes have made a difference. If further adjustments are needed, modify the config file where necessary.

ShoreTel: Adjust Volume Gain Settings On 400 Series Handsets

Introduction

This How-To covers adjusting the gain settings on the ShoreTel 400 series handsets (420/480/480g/485g). This is a slightly different process to the 100/200/500 series handsets but still involves editing the phone config file, just in a slightly different way.

Steps:

1: Open Config File

Browse to the following location on your ShoreTel Director Server:

C:\inetpub\ftproot\phoneconfig

From here, there should be the following config files:

custom.txt (global changes to all 400 series handsets)
custom_IP420.txt (changes to all 420 handsets)
custom_IP480.txt (changes to all 480 handsets)
custom_IP480g.txt (changes to all 480g handsets)
custom_IP485g.txt (changes to all 485g handsets)
custom_MAC.txt (changes to specific handsets based on the MAC address of the handset)

Note: Which file you edit depends on whether you want to make a global change, a change to a specific type of handset, or a change for a single user.

2: Choose The Parameters To Modify

You can modify the below gain settings in this config file:

Handset Microphone Analog Gain (Default: 6. Other Values: 0, 3, 6, 9, 12)
Handset Microphone Digital Gain (Default: 3. Other Values: -3, 0, 3, 6, 9, 12)
Handset Speaker Analog Gain (Default: -12. Other Values: -18, -15, -12, -9, -6)
Handset Speaker Digital Gain (Default: 0. Other Values: -6, -3, 0, 3, 6)
Headset Microphone Analog Gain (Default: 12. Other Values: 6, 9, 12, 15, 18)
Headset Microphone Digital Gain (Default: 3. Other Values: -3, 0, 3, 6, 9)
Headset Speaker Analog Gain (Default: -12. Other Values: -18, -15, -12, -9, -6)
Headset Speaker Digital Gain (Default: 0. Other Values: -6, -3, 0, 3, 6)
Handset Sidetone Gain (Default: -24. Other Values: -33, -30, -27, -24, -21, -18, -15, -12, -9)

Please see the below parameters relevant to the specified type of handset:

IP420 Settings:
gains.p2.handsetMicAnalogGain
gains.p2.handsetMicDigitalGain
gains.p2.handsetSpeakerAnalogGain
gains.p2.handsetSpeakerDigitalGain
gains.p2.headsetMicAnalogGain
gains.p2.headsetMicDigitalGain
gains.p2.headsetSpeakerAnalogGain
gains.p2.headsetSpeakerDigitalGain
gains.p2.sideToneGaindB

IP480/IP480G Settings:
gains.p8.handsetMicAnalogGain
gains.p8.handsetMicDigitalGain
gains.p8.handsetSpeakerAnalogGain
gains.p8.handsetSpeakerDigitalGain
gains.p8.headsetMicAnalogGain
gains.p8.headsetMicDigitalGain
gains.p8.headsetSpeakerAnalogGain
gains.p8.headsetSpeakerDigitalGain
gains.p8.sideToneGaindB

IP485G Settings:
gains.p8cg.handsetMicAnalogGain
gains.p8cg.handsetMicDigitalGain
gains.p8cg.handsetSpeakerAnalogGain
gains.p8cg.handsetSpeakerDigitalGain
gains.p8cg.headsetMicAnalogGain
gains.p8cg.headsetMicDigitalGain
gains.p8cg.headsetSpeakerAnalogGain
gains.p8cg.headsetSpeakerDigitalGain
gains.p8cg.sideToneGaindB

3: Modify Config File

Add in the relevant parameters to the config file in the following format:

[group]
parameter=value

For example, if you wanted to change the Side Tone Gain (the level at which you hear your voice while speaking into a handset) of a 420 handset, you would enter the following:

[audiohalm]
gains.p2.sideToneGaindB=-21

This would make the Side Tone more audible than the default value of -24. As a general rule of thumb, the lower the value, the lower the gain will be (i.e. for Side Tone Gain, -33 would be the quietest gain level and -9 would be the loudest gain value).

For reference, audiohalm is the group used for each of the above gain settings. Other options require a different group entry to be set, but all gain settings use the audiohalm group.

NOTE: When adjusting values for any of the above parameters, it is important to remember that analog gain and digital gain are cumulative values. To determine the total gain, add the analog gain and digital gain values. Please be aware that increasing the gain levels can cause echo in the network or distortion for users at either end.

4: Save Config File

If you are creating this config file for a single extension, save the file as a new file and name it as follows:

custom_MAC.txt (where MAC is the MAC Address of the handset in question e.g. custom_00104928630b.txt)

Otherwise, just overwrite the existing config file as per the file names in step 1.

5: Reboot The Handset

Once the config file has been saved, reboot the handset and it should pull down the new config file.

Conclusion

After the phone has pulled down the new config file, carry out some tests to see whether the changes have made a difference. If further adjustments are needed, modify the config file where necessary.