December 5, 2024 at 10:41AM
A zero-day vulnerability in Mitel MiCollab allows unauthorized file access on servers. Discovered by watchTowr, it remains unpatched after 90 days. Users are urged to implement security measures and monitor for suspicious activity until a fix is available, as Mitel plans to address the issue in December 2024.
**Meeting Takeaways:**
1. **Zero-Day Vulnerability Identified:**
– An arbitrary file read zero-day vulnerability has been discovered in the Mitel MiCollab collaboration platform, enabling attackers to access server files.
2. **Mitel MiCollab Overview:**
– MiCollab is an enterprise communication tool combining voice, video, messaging, and more, widely used by various organizations, including those with remote or hybrid work models.
3. **Lack of Vendor Response:**
– Researchers from watchTowr reported the vulnerability to Mitel on August 26, 2024. Mitel plans to patch the vulnerability in December 2024, but no updates have been provided as of the meeting.
4. **Discovery Process:**
– The zero-day was identified while examining previous vulnerabilities (CVE-2024-35286 and CVE-2024-41713), specifically through tests involving path traversal on the ‘ReconcileWizard’ servlet.
5. **Potential Impact of the Vulnerability:**
– Although less critical than the other known flaws, the zero-day allows unauthorized access to sensitive system files, posing a significant risk.
6. **Previous Attacks:**
– MiCollab has previously been targeted, highlighting the importance of addressing this newly discovered risk.
7. **Immediate Recommendations for Organizations:**
– Limit server access to trusted IP ranges.
– Implement firewall rules to prevent unauthorized external access.
– Monitor logs for suspicious activities and access patterns related to the vulnerability.
– Disable or restrict access to the ReconcileWizard servlet if possible.
– Ensure usage of the latest version of MiCollab, which protects against other critical flaws.
8. **Urgency of Action:**
– Organizations utilizing MiCollab should implement immediate mitigation measures due to the ongoing risk of exploitation.
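
The log-monitoring recommendation in item 7 can be started with a check like the following. This is an added example, not code from watchTowr or Mitel: it flags access-log requests that name the ReconcileWizard servlet and contain a path-traversal segment after repeated percent-decoding. The combined log format, the sample lines, and the `x` path and `p` parameter are constructed assumptions, not the real request format.

```python
import re
from urllib.parse import unquote

# Assumption: Apache/NGINX "combined" access-log layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)
SERVLET_RE = re.compile(r"reconcilewizard", re.IGNORECASE)
# A ".." segment delimited by a slash, backslash, query separator or ';'.
TRAVERSAL_RE = re.compile(r"(?:^|[/\\=&?])\.\.(?:[/\\;]|$)")

def fully_decode(uri, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def suspicious_requests(lines):
    """Return requests that hit the servlet AND carry a traversal segment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        uri = fully_decode(m["uri"])
        if SERVLET_RE.search(uri) and TRAVERSAL_RE.search(uri):
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "status": int(m["status"]), "uri": m["uri"]})
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Dec/2024:10:00:01 +0000] "GET /portal/index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [05/Dec/2024:10:00:05 +0000] "GET /ReconcileWizard/status HTTP/1.1" 200 128',
    '198.51.100.7 - - [05/Dec/2024:10:01:12 +0000] "GET /ReconcileWizard/x?p=../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.8 - - [05/Dec/2024:10:01:40 +0000] "POST /reconcilewizard/x?p=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0',
    '203.0.113.5 - - [05/Dec/2024:10:02:03 +0000] "GET /static/../img.png HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["status"], hit["uri"])
```

Hits that returned status 200 deserve first attention, since the server answered the request rather than rejecting it.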