Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

Summary:
Cybersecurity researchers at WatchTowr Labs have released a PoC exploit that chains together a recently patched critical vulnerability impacting Mitel MiCollab, CVE-2024-41713, and an arbitrary file read zero-day vulnerability that requires authentication to exploit. MiCollab is a software and hardware solution that integrates chat, voice, video, and SMS messaging with Microsoft Teams and other applications. CVE-2024-41713 carries a CVSS score of 9.8, and the other vulnerability, which has not been assigned a CVE, carries a CVSS score of 2.7. CVE-2024-41713 is a case of insufficient input validation in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab that results in a path traversal attack. WatchTowr Labs discovered and disclosed CVE-2024-41713 while trying to reproduce CVE-2024-35286 (CVSS score: 9.8), another critical bug in the NPM component that could permit an attacker to access sensitive information and execute arbitrary database and management operations. CVE-2024-35286 was patched by Mitel in May 2024 in version 9.8.1.5. The notable aspect of CVE-2024-41713 is that it involves passing the input "..;/" in the HTTP request to the ReconcileWizard component, which lands the attacker in the root of the application server and makes it possible to access sensitive information. Chaining this with the arbitrary file read flaw compromises the confidentiality of the affected system.
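For defenders reviewing web or proxy logs, the "..;/" input described above can be searched for after percent-decoding. The following is an added example, not code from WatchTowr, Mitel, or the original article. It assumes common/combined log format, and the sample lines and the EXAMPLE-APP / EXAMPLE-RESOURCE path segments are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Access-log line in common/combined format (assumed; adapt to your proxy or WAF).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# "..;/" after decoding. "[^/]*" also catches text placed between ';' and '/'
# (an assumed variant, not one the advisory lists).
TRAVERSAL_RE = re.compile(r"\.\.;[^/]*/")

# Constructed sample lines; EXAMPLE-APP and EXAMPLE-RESOURCE are placeholders,
# not real MiCollab paths.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Dec/2024:10:01:02 +0000] "GET /portal/login HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Dec/2024:10:01:07 +0000] "GET /EXAMPLE-APP/..;/ReconcileWizard/EXAMPLE-RESOURCE HTTP/1.1" 200 812',
    '198.51.100.4 - - [05/Dec/2024:10:02:11 +0000] "POST /EXAMPLE-APP/%2e%2e%3b/reconcilewizard/EXAMPLE-RESOURCE HTTP/1.1" 404 0',
    '198.51.100.4 - - [05/Dec/2024:10:02:30 +0000] "GET /EXAMPLE-APP/..%253b/other HTTP/1.1" 403 0',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded forms normalise."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = fully_decode(m.group("target").split("?", 1)[0])
    if not TRAVERSAL_RE.search(path):
        return None
    return {
        "ip": m.group("ip"),
        "path": path,
        # Requests that name the component from the advisory rank higher.
        "severity": "high" if "reconcilewizard" in path.lower() else "medium",
        # 2xx: the server answered rather than rejected; review these first.
        "answered": m.group("status").startswith("2"),
    }

def scan(lines):
    return [f for f in map(classify, lines) if f]
```

Findings with `answered` set to true on a system that was unpatched at the time of the request are the ones to escalate first.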

Analyst Comments:
CVE-2024-41713 has been patched in MiCollab versions 9.8 SP2 (9.8.2.12) or later as of October 9, 2024. This updated version also addresses a separate SQL injection vulnerability that affects the Audio, Web, and Video conferencing component of MiCollab. A timeline for disclosure can be found in WatchTowr’s blog post. The severity of a potential compromise of software that facilitates communication, such as Mitel MiCollab, is underscored by the array of telecom attacks uncovered in recent months. Gaining access to confidential government information via these targeted attacks against communications infrastructure highlights the importance of identifying and securing vulnerable VoIP platforms, as they are attractive targets for opportunistic attacks from APT groups.

Suggested Corrections:
In its advisory for CVE-2024-41713, Mitel recommends that customers with affected product versions update to the latest release.

The PoC exploit is available here.

Link(s):
https://thehackernews.com/2024/12/critical-mitel-micollab-flaw-exposes.html

https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/