Washington, December 6, 2024 – Mitel MiCollab flaw CVE-2024-41713 exposes systems to file theft and admin control breaches. Users must update to the latest version to stay secure.
A critical flaw in Mitel MiCollab, a popular business communications platform, has left countless systems vulnerable to cyberattacks. The flaw, tracked as CVE-2024-41713 with a staggering CVSS score of 9.8, resides in the platform's NuPoint Unified Messaging component.
This alarming weakness enables unauthorized access to sensitive files and administrative controls, shaking the cybersecurity world.
According to WatchTowr Labs, the exploit involves a simple path traversal attack via the ReconcileWizard component, bypassing authentication to access critical files like “/etc/passwd.” Security researcher Sonny Macdonald remarked:
“This vulnerability demonstrates how lack of input validation can expose even well-established systems to catastrophic consequences.”
Mitel’s MiCollab integrates chat, voice, and video services with platforms like Microsoft Teams, making it indispensable for enterprises. However, this flaw jeopardizes the confidentiality, integrity, and availability of these systems.
In addition to this vulnerability, the company also faces a separate SQL injection flaw in its conferencing component (CVE-2024-47223, CVSS 9.4), exacerbating security concerns.
The exploit could allow attackers to perform unauthorized actions, leaving businesses open to data breaches and operational risks.
Thankfully, the flaw has been patched in the latest MiCollab version 9.8 SP2, released in October. Users are urged to update immediately to mitigate these risks.
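For defenders reviewing exposure before or after patching, the following added example (not code from WatchTowr Labs, Mitel, or this article) scans web access log lines for requests that reach the ReconcileWizard component with a path traversal sequence, including percent-encoded and double-encoded forms. The combined log format, the function names, and the sample lines with their placeholder URL paths and `file` parameter are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line and status from a combined-format access log (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A ".." segment bounded by a separator or parameter delimiter on the left.
TRAVERSAL_RE = re.compile(r'(^|[/\\=&?])\.\.([/\\]|$)')
COMPONENT = "reconcilewizard"  # component named in the article


def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so double-encoded '../' (%252e%252e%252f) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def suspicious_requests(lines):
    """Return findings for requests that reach ReconcileWizard with a traversal sequence."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line
        decoded = fully_decode(m["target"])
        if COMPONENT in decoded.lower() and TRAVERSAL_RE.search(decoded):
            findings.append({
                "ip": m["ip"],
                "target": decoded,
                # A 2xx answer means the server returned content: triage these first.
                "served": m["status"].startswith("2"),
            })
    return findings


# Constructed sample lines; the URL paths are placeholders, not the product's real routes.
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Dec/2024:10:00:01 +0000] "GET /placeholder/ReconcileWizard/view?file=../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [06/Dec/2024:10:00:05 +0000] "POST /placeholder/reconcilewizard/view?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 403 0',
    '203.0.113.20 - - [06/Dec/2024:10:01:00 +0000] "GET /placeholder/ReconcileWizard/view?file=report.txt HTTP/1.1" 200 512',
    '203.0.113.21 - - [06/Dec/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to true on a system that was not yet running 9.8 SP2 is the case to escalate for incident response.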