December 6, 2024 at 06:38AM
WatchTowr warned of an unpatched arbitrary file read vulnerability in the Mitel MiCollab platform that lets an attacker read files the application should keep off limits. More than 16,000 internet-exposed instances are affected; exploiting the file read on its own requires administrator authentication. Mitel has released patches for related vulnerabilities and recommends that users update to the latest version.
**Meeting Takeaways:**
1. **Vulnerability Alert**:
– WatchTowr has identified an unpatched arbitrary file read vulnerability in the Mitel MiCollab platform that affects over 16,000 instances accessible from the internet.
2. **MiCollab Platform Overview**:
– The platform facilitates collaboration through audio/video conferencing, chat, SMS messaging, and web conferencing, supporting various devices.
3. **Exploitation Details**:
– Exploitation requires an authenticated administrator session; with it, an attacker can use path traversal (`../`-style directory escapes in a file name) to read files outside the directory the application intends to expose.
4. **CVE and Reporting**:
– The vulnerability had no CVE identifier at the time of writing. WatchTowr reported the defect to Mitel more than 100 days before publication and publicly disclosed it last Thursday.
5. **Critical Vulnerability**:
– WatchTowr's disclosure ties the file read to CVE-2024-41713, a critical authentication bypass in MiCollab that lets an unauthenticated attacker obtain admin access to the server. On a server that has not been patched for CVE-2024-41713, the two flaws chain together: the bypass supplies the admin access that the file read needs, turning it into unauthenticated arbitrary file read.
6. **Mitel’s Response**:
– Mitel patched the authentication bypass on October 9 and has since updated its advisories to cover the arbitrary file read issue.
7. **Severity Assessment**:
– Mitel rates the arbitrary file read as low severity: it requires admin credentials and gives read-only access, with no ability to modify files or escalate privileges.
8. **Recommendations for Users**:
– Users should update to MiCollab version 9.8 SP2 (9.8.2.12). That release fixes the authentication bypass and the associated critical and high-severity flaws (CVE-2024-47223, CVE-2024-47912, CVE-2024-47189), which removes the unauthenticated route to the arbitrary file read; the file read itself is not fixed in that release.
9. **Future Developments**:
– Mitel has requested a CVE identifier for the still-unpatched arbitrary file read and plans to address it in a forthcoming product release.
***Note:*** Users should remain vigilant and apply all recommended updates promptly to minimize security risks.
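The takeaways describe the bug class, a path traversal file read behind an admin-only endpoint, without showing how such a read happens or how to close it. The following is an added, generic illustration written for this summary; it is not MiCollab code, not WatchTowr's proof of concept, and says nothing about which MiCollab endpoint or file names are involved. It builds a throwaway directory tree (constructed sample data), serves files from a `docs` folder with a vulnerable handler that trusts the requested name, and beside it a hardened handler that canonicalises the path and refuses anything that resolves outside the served folder. The function and file names are assumptions for the demo.

```python
import os
import tempfile


def build_demo_root():
    """Constructed sample tree: a served 'docs' folder next to a file that
    must never be served. Returns (root, docs_dir)."""
    root = tempfile.mkdtemp(prefix="traversal-demo-")
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    with open(os.path.join(docs, "readme.txt"), "w") as f:
        f.write("public document\n")
    with open(os.path.join(root, "secret.conf"), "w") as f:
        f.write("db_password=hunter2\n")  # constructed placeholder secret
    return root, docs


def read_file_vulnerable(docs_dir, requested):
    """Vulnerable pattern: the user-controlled name is joined onto the base
    directory with no canonicalisation or containment check, so a name such
    as '../secret.conf' (or an absolute path, which os.path.join honours by
    discarding the base) escapes the served folder."""
    path = os.path.join(docs_dir, requested)
    with open(path) as f:
        return f.read()


def read_file_hardened(docs_dir, requested):
    """Hardened pattern: resolve '..' segments and symlinks with realpath,
    then require that the resolved target still lies under the resolved base.
    Raises PermissionError for anything that escapes."""
    base = os.path.realpath(docs_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes served directory: {requested!r}")
    with open(target) as f:
        return f.read()


def _attempt(handler, docs_dir, requested):
    """Return 'blocked' if the handler refuses the request, else the content."""
    try:
        return handler(docs_dir, requested)
    except PermissionError:
        return "blocked"


def demo():
    """Run the same requests through both handlers and collect the outcomes."""
    root, docs = build_demo_root()
    absolute_secret = os.path.join(root, "secret.conf")
    return {
        "vuln_normal": _attempt(read_file_vulnerable, docs, "readme.txt"),
        "vuln_traversal": _attempt(read_file_vulnerable, docs, "../secret.conf"),
        "vuln_absolute": _attempt(read_file_vulnerable, docs, absolute_secret),
        "hard_normal": _attempt(read_file_hardened, docs, "readme.txt"),
        "hard_traversal": _attempt(read_file_hardened, docs, "../secret.conf"),
        "hard_absolute": _attempt(read_file_hardened, docs, absolute_secret),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15s} -> {outcome!r}")
```

The containment check must run on the decoded filesystem path: if the request arrives URL-encoded (`%2e%2e%2f`), decode it first and then canonicalise, otherwise the check sees a harmless-looking string while the filesystem layer sees `../`. Resolving symlinks with `realpath` on both sides also matters, since a symlink inside the served folder can point outside it.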