PoC Exploit Published for Unpatched Mitel MiCollab Vulnerability

December 6, 2024 at 06:38AM WatchTowr warned of an unpatched vulnerability in the Mitel MiCollab platform, allowing attackers to access restricted resources. Over 16,000 instances are affected, with an arbitrary file read flaw requiring admin authentication to exploit. Mitel has released patches for related vulnerabilities and recommends users update to the latest version. **Meeting Takeaways:** … Read more

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

December 6, 2024 at 01:07AM A zero-day file read vulnerability in Mitel MiCollab can be exploited with a previously patched bug, allowing unauthorized access to sensitive files. Despite reporting the issue to Mitel over 100 days ago, it remains unpatched. The vulnerability is particularly concerning given the platform’s widespread use. **Meeting Takeaways:** 1. **Vulnerability Overview**: … Read more

Bypass Bug Revives Critical N-Day in Mitel MiCollab

December 5, 2024 at 04:31PM Two vulnerabilities in Mitel’s MiCollab platform expose enterprise data risks. CVE-2024-35286 and CVE-2024-41713 enable unauthorized access and file reading. Attackers can exploit these flaws, especially with public MiCollab devices, posing serious threats to organizational communication and data integrity. Mitel has patched some issues, but one remains unaddressed. ### Meeting Takeaways: … Read more

Mitel MiCollab zero-day flaw gets proof-of-concept exploit

December 5, 2024 at 10:41AM A zero-day vulnerability in Mitel MiCollab allows unauthorized file access on servers. Discovered by watchTowr, it remains unpatched after 90 days. Users are urged to implement security measures and monitor for suspicious activity until a fix is available, as Mitel plans to address the issue in December 2024. **Meeting Takeaways:** … Read more

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

December 5, 2024 at 10:27AM Cybersecurity researchers revealed a proof-of-concept exploit for a critical vulnerability (CVE-2024-41713) in Mitel MiCollab, enabling unauthorized file access via a path traversal attack. The flaw has been patched in versions 9.8 SP2 and later. Additionally, several vulnerabilities were found in Lorex security cameras, allowing remote code execution. ### Meeting Takeaways … Read more