CyberSecurity updates
2024-12-27 08:11:13 Pacific

Mitel MiCollab Zero-Day Vulnerability Allows Authentication Bypass and File Reading - 21d

A zero-day vulnerability in Mitel MiCollab allows attackers to bypass authentication and read arbitrary files. A proof-of-concept exploit has been released, highlighting the severity of this unpatched vulnerability. This affects the authentication mechanism and file access controls within the platform.

Critical Vulnerabilities in Zyxel, CyberPanel, North Grid, and ProjectSend - 21d

The Cybersecurity and Infrastructure Security Agency (CISA) issued alerts about multiple vulnerabilities being actively exploited in the wild, affecting popular software and hardware products such as Zyxel firewalls, CyberPanel, North Grid, and ProjectSend. These vulnerabilities pose significant security risks, allowing attackers to gain unauthorized access and control of affected systems. Organizations are strongly urged to apply the necessary security updates or mitigations immediately to prevent exploitation. The vulnerabilities include CVE-2024-51378 (CyberPanel), which has a CVSS score of 10.0. Specific details on each vulnerability and remediation steps can be found in the respective security advisories issued by CISA and the affected vendors.

Critical Vulnerabilities in Mitel MiCollab Expose Systems to Unauthorized Access - 21d

Security researchers discovered critical vulnerabilities in Mitel MiCollab, a unified communications platform. These flaws, including CVE-2024-35286 (SQL injection) and CVE-2024-41713 (authentication bypass), as well as an unpatched arbitrary file read vulnerability, allow unauthorized access to sensitive files and to system administration functions. Proof-of-concept exploits have been released, highlighting the severity of these security risks. The vulnerabilities affect the ‘ReconcileWizard’ servlet and allow attackers to access the server’s filesystem, potentially compromising sensitive data and overall system security.