CVE-2024-41713

CVSS 9.1 CRITICAL · EPSS 98.1% · KEV · CWE-22
In short

A flaw in Mitel MiCollab's messaging system allows attackers to bypass security and access files they shouldn't, potentially viewing or deleting user data and system settings without needing a password.

Technical detail

A path traversal vulnerability in the NuPoint Unified Messaging component, caused by insufficient input validation, permits unauthenticated attackers to access arbitrary files on the system. Exploitation enables unauthorized access to, and modification and deletion of, user information and critical configurations.

Summary generated and translated by AI from the official description.
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
