9.1
CVSSv3

CVE-2024-41713

CVSSv4: NA | CVSSv3: 9.1 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.95267 | KEV: Exploitation Reported
Published: 21/10/2024 Updated: 08/01/2025

Vulnerability Summary

Path Traversal Vulnerability in Mitel MiCollab Enables Data Breach

A vulnerability exists in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab up to version 9.8 SP1 FP2 (9.8.1.201). It could allow an unauthenticated attacker to perform a path traversal attack. The cause is insufficient input validation. If exploited, it could allow the attacker to view, change, or erase user data and system settings.

Vulnerable Product

mitel micollab

Github Repositories

CVE-2024-41713 Mitel MiCollab Authentication Bypass to Arbitrary File Read. See our blog post for technical details.

Two critical vulnerabilities have been discovered in Mitel MiCollab, a popular unified communication platform. These flaws can allow attackers to gain unauthorized access to sensitive files and perform administrative actions

Mitel MiCollab Exploit. Exploit for Mitel MiCollab Authentication Bypass and Arbitrary File Read Vulnerability (CVE-2024-41713). Author: 0xNehru. Description: This repository contains a proof-of-concept (PoC) script to exploit two vulnerabilities in Mitel MiCollab: Authentication Bypass (CVE-2024-41713) and Arbitrary File Read (Unassigned CVE). A successful exploit allows unauthentic

A Python script to detect CVE-2024-41713, a directory traversal vulnerability in Apache HTTP Server, enabling unauthorized access to restricted resources. This tool is for educational purposes and authorized testing only. Unauthorized usage is unethical and illegal.

CVE-2024-41713 Scanner. This repository contains a Python script to detect the presence of the CVE-2024-41713 vulnerability in Apache HTTP Server. CVE-2024-41713 is a directory traversal vulnerability that allows unauthorized attackers to access restricted resources on vulnerable servers. About CVE-2024-41713: The vulnerability arises due to improper sanitization of user-supplied

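Mitel MiCollab enterprise collaboration platform arbitrary file read vulnerability (CVE-2024-41713). Because the NuPoint Unified Messaging (NPM) component of the Mitel MiCollab software contains an authentication bypass vulnerability and performs insufficient input validation, an unauthenticated remote attacker can exploit the flaw to carry out a path traversal attack; successful exploitation may lead to unauthorized access to, corruption of, or deletion of users' data and system configuration. Affected versions: version < MiCollab 9.8 SP2 (9.8.2.12)

CVE-2024-41713POC. Mitel MiCollab enterprise collaboration platform arbitrary file read vulnerability (CVE-2024-41713). Because the NuPoint Unified Messaging (NPM) component of the Mitel MiCollab software contains an authentication bypass vulnerability and performs insufficient input validation, an unauthenticated remote attacker can exploit the flaw to carry out a path traversal attack; successful exploitation may lead to unauthorized access to, corruption of, or deletion of users' data and system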

cve-2024-CVE-2024-41713

Recent Articles

CISA warns of critical Oracle, Mitel flaws exploited in attacks
BleepingComputer • Sergiu Gatlan • 07 Jan 2025

CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. The cybersecurity agency added a critical path traversal vulnerability (CVE-2024-41713) found in the NuPoint Unified Messaging (NPM) component of Mitel's MiCollab unified communications platform to its Known...

Mitel MiCollab zero-day flaw gets proof-of-concept exploit
BleepingComputer • Bill Toulas • 05 Dec 2024

Researchers have uncovered an arbitrary file read zero-day in the Mitel MiCollab collaboration platform, allowing attackers to access files on a server's filesystem. Mitel MiCollab is an enterprise collaboration platform that consolidates various communication tools into a single application, offering voice and video calling, messaging, presence information, audio conferencing, mobility support,...

Mitel 0-day, 5-year-old Oracle RCE bug under active exploit
The Register

3 CVEs added to CISA's catalog

Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw – and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abused for at least five years. Here are the three, all of which the US Cybersecurity and Infrastructure Security Agency (CISA) added to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation: Two of the three – Mitel's CVE-2024-41713, and Oracle's CVE-2020-2883 – ha...

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files
The Register

Still unpatched 100+ days later, watchTowr says

A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive files on vulnerable instances. A proof-of-concept (PoC) exploit that strings together the two flaws, both spotted and disclosed to Mitel by watchTowr, which on Thursday published the PoC after waiting 100-plus days for the vendor to issue a fix. The Register has reached out to Mitel for comment and did not immediately recei...