Mitel NuPoint Unified Messaging (NPM) Vulnerability: Path Traversal Attack
CVE-2024-41713

9.1CRITICAL

Key Information:

Vendor
Mitel
Status
Micollab
Vendor
CVE Published:
21 October 2024

Badges

πŸ“ˆ TrendedπŸ“ˆ Score: 3,590πŸ‘Ύ Exploit Exists🟣 EPSS 95%πŸ¦… CISA ReportedπŸ“° News Worthy

What is CVE-2024-41713?

CVE-2024-41713 is a significant vulnerability found in the NuPoint Unified Messaging (NPM) component of Mitel's MiCollab system, which is designed to streamline communication services for organizations. This vulnerability is classified as a path traversal attack, which occurs due to insufficient input validation. If successfully exploited by an unauthorized attacker, this flaw could grant access to sensitive information such as user data and system configurations, potentially leading to significant disruptions in communication and data integrity within the organization.

Technical Details

The vulnerability manifests in the NPM component of the Mitel MiCollab system, specifically affecting versions up to 9.8 SP1 FP2 (9.8.1.201). Attackers can potentially bypass security measures and access restricted files by manipulating input paths. This exploitation stems from the lack of adequate validation protocols, which could allow malicious actors to traverse directories beyond the intended scope of the application.

Impact of the Vulnerability

  1. Unauthorized Data Access: One of the primary impacts of CVE-2024-41713 is the unauthorized access to sensitive user data and system configurations, which can lead to information theft or compromise.

  2. Data Corruption or Deletion: An attacker exploiting this vulnerability could not only view but also corrupt or delete vital data, severely impacting the operations and reliability of organizational communication systems.

  3. Operational Disruption: The exploitation of this vulnerability can result in significant disruptions to messaging services, hampering business communications and potentially leading to financial losses and reputational damage.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

News Articles

favicon imageSC Media

CISA adds Mitel and Oracle bugs to exploited vulnerabilities list

Two Mitel MiCollab bugs were added to the KEV catalog, while a patched Oracle WebLogic Server exploit is still under threat.

3 weeks ago

favicon imageThe Register

Mitel 0-day, 5-year-old Oracle RCE exploited in the wild

Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw – and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abused for...

1 month ago

favicon imageThe Stack

CISA adds 2020 Oracle vulnerability to KEV: We hope you...

Five years after a critical Oracle WebLogic server bug was first reported exploited, CISA has added CVE-2020-2883 to its KEV catalogue.

1 month ago

References

https://www.mitel.com/support/security-advisories/mitel-p...

EPSS Score

95% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ¦…

    CISA Reported

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by watchTowr Labs - Blog

  • Vulnerability published

.