
PoC Exploit Published for Unpatched Mitel MiCollab Vulnerability

WatchTowr has published proof-of-concept (PoC) code for an unpatched vulnerability in the Mitel MiCollab enterprise collaboration platform.

Attack surface management firm WatchTowr on Thursday warned of an unpatched vulnerability in the Mitel MiCollab enterprise collaboration platform allowing attackers to access restricted resources.

The MiCollab platform provides collaboration capabilities such as audio and video conferencing, chat and SMS messaging, and web conferencing, with support for desk phones, softphones, web clients, and mobile applications.

According to WatchTowr, more than 16,000 MiCollab instances are accessible from the internet; each instance consists of software deployed to endpoints and servers to coordinate communications.

All these instances, the cybersecurity firm says, are affected by an arbitrary file read vulnerability that has not been addressed, and which does not have a CVE identifier yet.

The functionality for viewing and saving system reports allows an attacker to inject path traversal sequences and read restricted files, but authentication as an administrator user is required to successfully exploit the bug.

WatchTowr reported the security defect in August, and publicly disclosed it on Thursday, more than 100 days after notifying Mitel. It also released proof-of-concept (PoC) code that chains the bug with CVE-2024-41713 (CVSS score of 9.8), a critical-severity path traversal issue leading to authentication bypass.

The critical vulnerability impacts the collaboration platform’s NuPoint Unified Messaging (NPM) component and allows an unauthenticated attacker to access the MiCollab server with administrative privileges.

Mitel announced patches for the authentication bypass flaw on October 9 and, on Thursday, just as WatchTowr shared technical information on both bugs, updated its advisory for CVE-2024-41713 to confirm the arbitrary file read issue.


“A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation. The exposure is substantially mitigated by applying the available remediation and the vulnerability severity is rated as low,” Mitel says.

The company also notes that a CVE identifier has been requested for the unpatched vulnerability, which will be addressed in a future product release.

In the meantime, users are advised to update to MiCollab version 9.8 SP2 (9.8.2.12), which resolves CVE-2024-41713, mitigating the arbitrary file read. It also patches a critical-severity SQL injection bug (CVE-2024-47223) and high-severity authentication bypass and SQL injection flaws (CVE-2024-47912 and CVE-2024-47189).


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
