CISA reports active exploitation of Mitel MiCollab flaws
Take action: If you are running Mitel's MiCollab collaboration and VoIP telephony software, be aware that these flaws are being actively exploited in the wild. Assume your deployment will be probed and start patching as soon as possible.
Learn More
CISA has added two actively exploited vulnerabilities affecting Mitel MiCollab products to its Known Exploited Vulnerabilities (KEV) catalog. The listing comes with a binding mandate for Federal Civilian Executive Branch (FCEB) agencies to apply the vendor patches by January 28, 2025.
Vulnerability summary:
- CVE-2024-41713 (CVSS score 9.1) - Path traversal in the MiCollab NuPoint Unified Messaging component. Allows an unauthenticated remote attacker to gain unauthorized access.
- CVE-2024-55550 (CVSS score 4.4) - Path traversal. Allows an authenticated administrator to read arbitrary local files because of insufficient input sanitization.
On its own, CVE-2024-55550 requires administrator credentials, but CVE-2024-41713 can be chained with it so that an unauthenticated remote attacker can read arbitrary files on the server. watchTowr Labs discovered both issues while investigating a previously patched critical vulnerability in the same component, the SQL injection flaw CVE-2024-35286 fixed in May 2024.
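To make the "insufficient input sanitization" wording concrete, the following is an added, generic Python illustration of why a path-traversal check fails when it inspects the raw request string before decoding, next to a hardened version that canonicalises first and then enforces the root boundary. It is not Mitel's code and does not reproduce the MiCollab request used in the wild (which this report does not describe); WEB_ROOT and the probe strings are constructed for the example.

```python
import posixpath
import urllib.parse

# Constructed document root for this demonstration; not a MiCollab path.
WEB_ROOT = "/srv/app/public"

# Upper bound on decode passes so a pathological input cannot loop forever.
MAX_DECODE_PASSES = 3


def naive_resolve(user_path: str) -> str:
    """Vulnerable pattern: a string check on the raw input, then decode and join.

    The '..' test runs before URL-decoding, so '%2e%2e/' passes the check and
    only turns into '../' afterwards, when nothing inspects it anymore.
    """
    if ".." in user_path:
        raise ValueError("traversal rejected")
    decoded = urllib.parse.unquote(user_path)
    return posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))


def hardened_resolve(user_path: str) -> str:
    """Canonicalise first, then enforce the root boundary on the result.

    Repeated decoding defeats double encoding (%252e -> %2e -> '.'),
    stripping ';' path parameters removes the '..;/' trick some servlet
    containers tolerate, and the final check runs on the normalised absolute
    path rather than on the attacker-controlled string.
    """
    decoded = user_path
    for _ in range(MAX_DECODE_PASSES):
        once = urllib.parse.unquote(decoded)
        if once == decoded:
            break
        decoded = once
    segments = [seg.split(";", 1)[0] for seg in decoded.split("/")]
    candidate = posixpath.normpath(
        posixpath.join(WEB_ROOT, "/".join(segments).lstrip("/"))
    )
    if posixpath.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        raise ValueError("traversal rejected")
    return candidate


def escapes_root(resolved: str) -> bool:
    """True when an already-resolved absolute path lies outside WEB_ROOT."""
    return posixpath.commonpath([WEB_ROOT, resolved]) != WEB_ROOT


def hardened_accepts(user_path: str) -> bool:
    """Convenience wrapper: does the hardened resolver accept this input?"""
    try:
        hardened_resolve(user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed probe inputs of the kind a scanner would send; none of them
    # is the actual MiCollab request, which this page does not reproduce.
    probes = [
        "css/site.css",
        "../../etc/passwd",
        "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
        "%252e%252e/%252e%252e/etc/passwd",
        "..;/..;/etc/passwd",
    ]
    for p in probes:
        try:
            naive = naive_resolve(p)
            naive_verdict = "ESCAPED" if escapes_root(naive) else "ok"
        except ValueError:
            naive_verdict = "rejected"
        hardened_verdict = "ok" if hardened_accepts(p) else "rejected"
        print(f"{p:40} naive={naive_verdict:8} hardened={hardened_verdict}")
```

The naive resolver rejects a literal `../../etc/passwd` but lets the single-encoded form through to `/etc/passwd`, which is the shape of bug a CVSS 4.4 authenticated file read and a 9.1 authentication bypass can combine into. The string-level canonicalisation here is enough to show the logic; a real server should additionally resolve against the filesystem (realpath) so symlinks cannot relocate an apparently in-root path, and none of this substitutes for applying the vendor patch.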
Administrators are advised to apply Mitel's patches to their MiCollab deployments as soon as possible.