Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access
2024-12-05 14:56

Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input


News URL

https://thehackernews.com/2024/12/critical-mitel-micollab-flaw-exposes.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-10-21 CVE-2024-41713 Path Traversal vulnerability in Mitel Micollab
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation.
network
low complexity
mitel CWE-22
critical
9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mitel 65 3 51 28 30 112