Severe Vulnerability in Mitel MiCollab Exposes Systems to Unauthorized File Access and Administrative Control

ISGroup Cybersecurity

Recent discoveries have highlighted critical vulnerabilities in Mitel MiCollab, a unified communications platform that integrates voice, video, and messaging. The flaws, identified as CVE-2024-41713 (CVSS: 9.8) and CVE-2024-47223 (CVSS: 9.4), expose systems to severe risks such as unauthorized file access and administrative control. Alarmingly, over 14,000 services are identified on public platforms each year.

ProductMitel MiCollab
Date2024-12-06 09:45:00
Information
  • Trending
  • Fix Available

Technical Summary

CVE-2024-41713

  • Impact: Path traversal due to insufficient input validation in the NuPoint Unified Messaging (NPM) component. Attackers can exploit this vulnerability using malicious input (e.g., ..;/) to access sensitive files like /etc/passwd without authentication.
  • Exploitation: By combining this vulnerability with an unpatched zero-day arbitrary file read flaw, attackers can extract sensitive provisioning data and perform unauthorized administrative actions on the MiCollab server.

CVE-2024-47223

  • Impact: SQL injection vulnerability in the Audio, Web and Video Conferencing (AWV) component. Exploitation allows attackers to execute arbitrary queries on the database, leading to data leaks or rendering the system inoperable.

Common threats:

  • Data breach: Unauthorized access to sensitive user and network information.
  • Service disruption: System compromise affecting operational availability and integrity.
  • Administrative exploitation: Unauthorized system modifications and administrative control.

Recommendations

  1. Update to the latest version:

    • Apply the patches provided by Mitel: update to MiCollab 9.8 SP2 (9.8.2.12) or later versions to resolve CVE-2024-41713 and CVE-2024-47223.
    • Regularly monitor vendor advisories for any new patches.
  2. Restrict access:

    • Enforce strict access control policies to minimize the risks of unauthorized access.
    • Limit the exposure of MiCollab instances to internal networks and trusted IP ranges.
  3. Input sanitization:

    • Perform rigorous input validation to mitigate SQL injection and path traversal attacks.

[Callforaction-THREAT-Footer]