Cybersecurity experts have unveiled a proof-of-concept exploit linked to a recently patched critical vulnerability in the Mitel MiCollab platform. This exploit combines the flaw—designated CVE-2024-41713—with an existing zero-day vulnerability, enabling attackers to access files from vulnerable systems.

The vulnerability in question carries a CVSS score of 9.8 and stems from insufficient input validation within the NuPoint Unified Messaging (NPM) component of MiCollab, which makes a path traversal attack possible. MiCollab is a combined software and hardware platform that merges voice, video, chat, and SMS messaging, and it integrates with Microsoft Teams.

According to WatchTowr Labs, which published a report on its findings, this vulnerability was initially discovered while they were attempting to replicate another critical flaw, CVE-2024-35286, also associated with the NPM component of MiCollab. This prior vulnerability has similar implications, allowing unauthorized access to sensitive data and the execution of arbitrary operations.

Notably, the critical vulnerability permits attackers to send crafted HTTP requests containing the sequence “..;/”, which the server resolves to the root of the application server. This grants unauthorized access to sensitive system files, including /etc/passwd, without requiring authentication. Additionally, the authentication bypass introduced by CVE-2024-41713 can be chained with an outstanding post-authentication arbitrary file read vulnerability.
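Because the traversal sequence described above is easy to spot once a request path has been percent-decoded, one practical defensive step is to scan web-server access logs for it. The following detector is an added example written for this article; it is not code from the article, WatchTowr Labs or Mitel. It assumes Apache/nginx combined log format, the sample log lines and the `/app/` prefix are constructed placeholders (not MiCollab's real endpoints), and it decodes repeatedly so that single- and double-encoded variants of “..;/” are caught as well as the plain form.

```python
"""
Scan access-log lines for "..;/"-style path traversal sequences.

Added illustration only: not code from the article, WatchTowr Labs or Mitel.
The log lines, IP addresses and the "/app/" prefix below are constructed
placeholders for demonstration.
"""
import re
from urllib.parse import unquote

# After decoding, a parent-directory step looks like "/../" or "/..;<anything>/".
# The ";" form abuses servlet-container path-parameter handling: the container
# drops ";..." and resolves "..", while a front-end filter matching "../" may not.
TRAVERSAL_RE = re.compile(r"(?:^|/)\.\.(?:;[^/]*)?(?:/|$)")

# Combined/common log format: ip ident user [ts] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def normalize_path(raw_path: str, rounds: int = 3) -> str:
    """Percent-decode until stable (handles double encoding), fold backslashes."""
    decoded = raw_path
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal(raw_path: str) -> bool:
    """True if the decoded path contains a parent-directory step."""
    return TRAVERSAL_RE.search(normalize_path(raw_path)) is not None


def scan_log(lines):
    """Return one record per request whose path contains a traversal sequence."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path")
        if is_traversal(path):
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "path": path,
                "normalized": normalize_path(path),
                "status": m.group("status"),
            })
    return hits


# Constructed sample log (RFC 5737 documentation addresses, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.10 - - [05/Dec/2024:10:01:02 +0000] "GET /app/..;/etc/passwd HTTP/1.1" 200 1834',
    '203.0.113.10 - - [05/Dec/2024:10:01:05 +0000] "GET /app/%2e%2e%3b/etc/passwd HTTP/1.1" 200 1834',
    '198.51.100.7 - - [05/Dec/2024:10:02:11 +0000] "GET /app/login.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Dec/2024:10:02:14 +0000] "GET /app/static/style.css HTTP/1.1" 200 2210',
    '203.0.113.10 - - [05/Dec/2024:10:03:40 +0000] "GET /app/%252e%252e%253b/etc/passwd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['status']} {hit['path']} -> {hit['normalized']}")
```

The decode-until-stable step matters: a rule that only looks for the literal string “..;/” misses the `%2e%2e%3b/` and double-encoded forms, and a 200 response to a decoded `/etc/passwd` path is the signal worth alerting on.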

Mitel has issued an advisory stressing the severity of the flaw: an attacker could gain unauthorized access and compromise the system’s confidentiality, integrity, and availability. If exploited, the vulnerability allows access to provisioning details, which could let an attacker perform unwarranted administrative actions on the MiCollab Server.

The company also highlighted another vulnerability, CVE-2024-55550, resulting from inadequate input sanitization, although this flaw primarily exposes non-sensitive information and does not allow for file modification or privilege escalation. Mitel has since patched CVE-2024-41713 in MiCollab versions 9.8 SP2 and later as of October 9, 2024.

This investigation offers practical lessons for cybersecurity professionals. In particular, the research shows that full access to source code may not always be necessary to validate or reproduce vulnerabilities in commercial off-the-shelf software; effective online research can instead be instrumental in identifying potential weaknesses.

Furthermore, recently released updates clarify that the patched version of MiCollab also fixes a separate SQL injection vulnerability affecting the Audio, Web, and Video Conferencing (AWV) component, which could have severe consequences, including unauthorized database operations that render systems inoperable.

As of December 17, 2024, 8,899 instances of Mitel MiCollab remain exposed, with 54% located in the United States, showcasing the pressing need for organizations to prioritize cybersecurity hygiene and updates.