Mitel MiCollab zero-day and PoC exploit unveiled

A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed. He followed up by releasing a proof-of-concept (PoC) exploit that chains this zero-day file read vulnerability with CVE-2024-41713, which allows attackers to bypass authentication.

A zero-day and PoC to grab sensitive info of MiCollab users

In a blog post published on Thursday, Macdonald tells of watchTowr’s quest to reproduce …
News URL
https://www.helpnetsecurity.com/2024/12/05/mitel-micollab-zero-day-and-poc-exploit-unveiled/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-21 | CVE-2024-41713 | Path Traversal vulnerability in Mitel MiCollab. A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. | 9.1 |