Mitel has urged organizations to remediate a critical path traversal vulnerability in the MiCollab communications and collaboration platform that could be exploited to compromise provisioning data, reports SecurityWeek.
Attackers could also leverage the issue, which stems from MiCollab's NuPoint Unified Messaging component, to perform unauthorized MiCollab Server admin activities, according to Mitel, which said the flaw has been addressed in MiCollab versions 9.8 SP3 and later. Intrusions involving the flaw could target internet-exposed MiCollab instances, said cybersecurity researcher Dahmani Toumi, who discovered the bug. The defect, which could also result in service interruptions and the compromise of additional systems, is a bypass for the fix Mitel had issued for the actively exploited flaw tracked as CVE-2024-41713, Toumi noted, and was already fixed by the firm in February. Vulnerable Mitel internet-connected phones had already been targeted for the distribution of the Mirai-based Aquabotv3 botnet in distributed denial-of-service attacks.