CVE-2024-41713 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Mitel MiCollab Path Traversal Vulnerability

Exploit added

January 7, 2025

Action due

January 28, 2025

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users’ data and system configurations.

References

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029

Weakness Enumeration

CWE-ID	CWE Name
CWE-22	Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Known Affected Software Configurations

cpe:2.3:a:mitel:micollab:9.6.2.9:::::-::
cpe:2.3:a:mitel:micollab:9.7:::::-::
cpe:2.3:a:mitel:micollab:9.5.0.101:::::-::
cpe:2.3:a:mitel:micollab:9.6:::::-::
cpe:2.3:a:mitel:micollab:9.4:-::::-::*
cpe:2.3:a:mitel:micollab:9.4:sp1::::-::*
cpe:2.3:a:mitel:micollab:9.3:::::-::
cpe:2.3:a:mitel:micollab:9.2:-::::-::*
cpe:2.3:a:mitel:micollab:9.2:fp1::::-::*
cpe:2.3:a:mitel:micollab:9.2:::::-::
cpe:2.3:a:mitel:micollab:9.1.2:::::-::
cpe:2.3:a:mitel:micollab:9.1:::::-::
cpe:2.3:a:mitel:micollab:9.0:::::-::
cpe:2.3:a:mitel:micollab:8.1.2:::::-::
cpe:2.3:a:mitel:micollab:8.1.1:fp1::::-::*
cpe:2.3:a:mitel:micollab:8.1.1:-::::-::*
cpe:2.3:a:mitel:micollab:8.1:::::-::
cpe:2.3:a:mitel:micollab:8.0:sp2::::-::*
cpe:2.3:a:mitel:micollab:8.0:sp1::::-::*
cpe:2.3:a:mitel:micollab:8.0:fp1::::-::*
cpe:2.3:a:mitel:micollab:-:::::-::
cpe:2.3:a:mitel:micollab:8.0:-::::-::*
cpe:2.3:a:mitel:micollab:7.3:::::-::
cpe:2.3:a:mitel:micollab:9.1.3:::::-::

Details

Source:
NVD

Published:
October 21, 2024

Updated:
January 8, 2025

Risk information

CVSS v3

Base score:
9.1

Severity:

CRITICAL

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v2

Not defined