PoC Exploit Published for Unpatched Mitel MiCollab Vulnerability – Source: www.securityweek.com

Attack surface management firm WatchTowr on Thursday warned of an unpatched vulnerability in the Mitel MiCollab enterprise collaboration platform allowing attackers to access restricted resources.

The MiCollab platform provides collaboration capabilities such as audio and video conferencing, chat and SMS messaging, and web conferencing, with support for desk phones, softphones, web clients, and mobile applications.

According to WatchTowr, there are over 16,000 MiCollab instances accessible from the internet, consisting of software deployed to endpoints and servers for coordinating the communication.

All these instances, the cybersecurity firm says, are affected by an arbitrary file read vulnerability that has not been addressed, and which does not have a CVE identifier yet.

Functionality for viewing and saving system reports allows an attacker to inject path traversals and read restricted files, but authentication as an administrator user is required to successfully exploit the bug.

WatchTowr reported the security defect in August, and publicly disclosed it on Thursday, more than 100 days after notifying Mitel. It also released proof-of-concept (PoC) code that chains the bug with CVE-2024-41713 (CVSS score of 9.8), a critical-severity path traversal issue leading to authentication bypass.

The critical vulnerability impacts the collaboration platform’s NuPoint Unified Messaging (NPM) component and allows an unauthenticated attacker to access the MiCollab server with administrative privileges.

Mitel announced patches for the authentication bypass flaw on October 9 and, on Thursday, just as WatchTowr shared technical information on both bugs, updated its advisory for CVE-2024-41713 to confirm the arbitrary file read issue.

“A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation. The exposure is substantially mitigated by applying the available remediation and the vulnerability severity is rated as low,” Mitel says.

The company also notes that a CVE identifier has been requested for the unpatched vulnerability, which will be addressed in a future product release.

In the meantime, users are advised to update to MiCollab version 9.8 SP2 (9.8.2.12), which resolves CVE-2024-41713, mitigating the arbitrary file read. It also patches a critical-severity SQL injection bug (CVE-2024-47223) and high-severity authentication bypass and SQL injection flaws (CVE-2024-47912 and CVE-2024-47189).

Related: Veeam Warns of Critical Vulnerability in Service Provider Console

Related: 8 Degrees of Secure Access Service Edge  

Related: PoC Exploit Released for DoS Vulnerability in OpenSSL

Related: Two New Vulnerabilities Could Affect 40% of Ubuntu Cloud Workloads