FlagThis

A critical zero-day vulnerability in Mitel MiCollab has been discovered, allowing attackers to bypass authentication and access arbitrary files. Security researchers at watchTowr found this flaw, which, when combined with the previously patched CVE-2024-41713, grants complete system access. This impacts the NuPoint Unified Messaging (NPM) component, affecting voice communication, video conferencing, and file sharing, potentially exposing sensitive business data. A proof-of-concept exploit has been released, highlighting the severity of the unpatched vulnerability and the significant risk to the over 16,000 publicly accessible MiCollab instances.

The vulnerability stems from insufficient input validation within the system, allowing authenticated users to read any file, including sensitive system files such as /etc/passwd. The combination of this zero-day with CVE-2024-41713 creates a powerful exploit chain, enabling complete authentication bypass. While a previous vulnerability, CVE-2024-35286, a critical pre-authenticated SQL injection, was patched in May 2024, the unpatched nature of this new zero-day poses a serious threat. watchTowr responsibly disclosed the vulnerability to Mitel in August, but as of December 6th, 2024, a patch remains unavailable.

ImgSrc: securityonline.

References :

• watchTowr Labs: Details about a zero-day vulnerability in Mitel MiCollab that enables authentication bypass and arbitrary file reading.
• securityonline.info: Analysis of an unpatched zero-day vulnerability in the Mitel MiCollab collaboration platform that exposes businesses to serious security risks.
• socradar.io: Mitel MiCollab PoC Exploit Links CVE-2024-41713 and Zero-Day, Exposing Sensitive Files

Classification:

• HashTags: #Mitel #MiCollab #ZeroDay
• Company: Mitel
• Target: Mitel MiCollab users
• Attacker: N A
• Product: Mitel MiCollab
• Feature: authentication bypass
• Malware: N A
• Type: 0Day
• Severity: Major