Notified:  April 11, 2014 Updated: April 18, 2014

Statement Date:   April 18, 2014

Status

Affected

Vendor Statement

The vulnerability was discovered during testing. The vulnerability is highly unlikely and no data breaches in the field have been identified by AMTELCO nor have any been reported by customers, users, or other sources. AMTELCO has notified all miSecureMessages customers to offer the recommended mitigation step of upgrading to the currently available miSecureMessages Server release 6.3. Detailed information about this vulnerability and the recommended mitigation is available to AMTELCO miSecureMessages customers by accessing the AMTELCO technical support web page https://service.amtelco.com or by contacting Amtelco at 1800-356-9148.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• https://service.amtelco.com

Addendum

We attempted to notify AMTELCO via email (, found on the "Contact Us" page), sending messages on March 12 and March 18, 2014. Not receiving a response, we published Vulnerability Note VU#251628 on April 11, 2014. We made two mistakes: First, not waiting the usual 45 days before publishing, and second, not making further attempts to contact AMTELCO (for example, calling them).