Security News > 2024 > December > Mitel MiCollab zero-day and PoC exploit unveiled
2024-12-05 14:24
A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed, and followed up by releasing a proof-of-concept (PoC) exploit that chains together this zero-day file read vulnerability with CVE-2024-41713, which allows attackers to bypass authentication. A zero-day and PoC to grab sensitive info of MiCollab users In a blog post published on Thursday, Macdonald tells of watchTowr’s quest to reproduce … More → The post Mitel MiCollab zero-day and PoC exploit unveiled appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/12/05/mitel-micollab-zero-day-and-poc-exploit-unveiled/
Related news
- Mitel MiCollab zero-day flaw gets proof-of-concept exploit (source)
- PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
- Adobe warns of critical ColdFusion bug with PoC exploit code (source)
- LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Mitel 0-day, 5-year-old Oracle RCE bug under active exploit (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-21 | CVE-2024-41713 | Path Traversal vulnerability in Mitel Micollab A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. | 9.1 |