CVE ID
CVE-2024-41713
Vulnerability Name
Mitel MiCollab Path Traversal Vulnerability
- Project: Mitel
- Product: MiCollab
Date
- Date Added: 2025-01-07
- Due Date: 2025-01-28
Description
Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-41713
Related Security News
- Mitel warns of critical MiVoice MX-ONE authentication bypass flaw
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
- Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
- CISA warns of critical Oracle, Mitel flaws exploited in attacks