A serious vulnerability in Mitel MiCollab, a widely used enterprise collaboration platform, has been disclosed, raising concerns for thousands of businesses worldwide. The flaw, discovered by security researchers at watchTowr, could allow attackers to read sensitive files stored on vulnerable systems.
The vulnerability is a zero-day arbitrary file read bug. On its own it requires authentication, but it can be chained with a critical authentication bypass in the same platform that Mitel has already patched; together the two give an unauthenticated attacker a path to confidential data. After waiting more than 100 days for Mitel to address the file read bug, watchTowr publicly released a proof-of-concept exploit on Thursday.
The Register asked Mitel to comment on the zero-day and on a timeline for a patch, but did not receive an immediate response.
Mitel MiCollab is a widely used platform, with more than 16,000 instances exposed to the internet. It lets businesses connect employees and customers through voice, video, chat, and file sharing. That widespread adoption makes it a prime target for cybercriminals, including ransomware gangs.
“As such, it’s a very attractive target for ransomware gangs and other cybercriminals,” a security expert noted.
The disclosure of this vulnerability highlights the ongoing threat posed by cyberattacks and the importance of timely patching for businesses relying on critical software like Mitel MiCollab.
In a separate disclosure, researchers from watchTowr revealed two critical vulnerabilities affecting Mitel’s MiCollab unified communications platform. Both were reported to Mitel earlier this year and have since been patched; before the fixes, they could have allowed attackers to compromise sensitive data and potentially disrupt system operations.
The first vulnerability, a high-severity SQL injection flaw (CVE-2024-35286), resided within the NuPoint Unified Messaging (NPM) component of MiCollab. “This vulnerability could have enabled an unauthenticated attacker to gain unauthorized access to sensitive details stored within the database and even execute arbitrary commands,” explained a watchTowr spokesperson. “The potential impact of such an attack could have been significant, compromising user data and potentially disrupting critical communication services.”
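To make the database-access point concrete, the following is an added illustration written for this article, not code from Mitel, watchTowr, or MiCollab. It models a mailbox lookup whose query is assembled by string concatenation and places the parameterised form beside it; the table and column names, the rows, and the in-memory SQLite database are all constructed for the example.

```python
import sqlite3

# Constructed sample data for the illustration; nothing here is taken from
# a real MiCollab database.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE mailboxes (extension TEXT, owner TEXT, pin TEXT);
        INSERT INTO mailboxes VALUES ('1001', 'alice', '4821'),
                                     ('1002', 'bob',   '9077');
        CREATE TABLE admin_users (username TEXT, password_hash TEXT);
        INSERT INTO admin_users VALUES ('sysadmin', '$6$constructed$hash');
        """
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, extension: str):
    # Attacker-controlled text is spliced into the statement, so a quote
    # character changes the structure of the query rather than the value.
    sql = f"SELECT extension, owner FROM mailboxes WHERE extension = '{extension}'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, extension: str):
    # The value travels separately from the statement text; whatever it
    # contains, it is compared as data and can never become SQL.
    sql = "SELECT extension, owner FROM mailboxes WHERE extension = ?"
    return conn.execute(sql, (extension,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A tautology turns a single-row lookup into a dump of the whole table.
    tautology = "' OR '1'='1"
    # A UNION pulls rows out of an unrelated table through the same query.
    union = "' UNION SELECT username, password_hash FROM admin_users --"
    for payload in ("1001", tautology, union):
        print(repr(payload))
        print("  vulnerable:   ", lookup_vulnerable(db, payload))
        print("  parameterised:", lookup_parameterised(db, payload))
```

The UNION payload needs the same number of columns as the original SELECT, which is why it returns two; the trailing `--` comments out the closing quote that the vulnerable code appends. With the parameterised query both payloads simply match no extension.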
Mitel swiftly addressed this vulnerability by releasing a security patch in May. Users are strongly advised to update their MiCollab systems to the latest version to mitigate this risk.
The second vulnerability, identified as CVE-2024-41713, was an authentication bypass flaw, also in the NPM component. It stemmed from insufficient input validation, which allowed an unauthenticated attacker to bypass the authentication checks by way of path traversal and gain unauthorized access to the system. “An attacker exploiting this vulnerability could have potentially traversed file paths, leading to the viewing, corruption, or deletion of user data and system configurations,” warned the watchTowr team.
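The following is an added illustration of the bug class just described, written for this article and not taken from MiCollab or from watchTowr’s research. It models a front-end filter that allows unauthenticated access to a public path prefix but checks the raw request path, while the back end resolves `..` segments before dispatch; the two disagree, and a traversal sequence lets an unauthenticated request reach a handler that was meant to be post-auth only. The route names, the `/public/` prefix, and the hardened variant are all hypothetical.

```python
from urllib.parse import unquote

# Hypothetical routes for the illustration: the login page is reachable
# without a session, the export handler is meant to be post-auth only.
PUBLIC_PREFIX = "/public/"
ROUTES = {
    "/public/login": "login page",
    "/admin/export": "post-auth export handler",
}


def canonicalise(path: str) -> str:
    """Percent-decode once and collapse '.' and '..' segments, the way a
    servlet container or file system resolves a path before dispatch."""
    parts = []
    for segment in unquote(path).split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if parts:
                parts.pop()
            continue
        parts.append(segment)
    return "/" + "/".join(parts)


def dispatch(route: str):
    """Back end: serve the canonical route, or 404 if it does not exist."""
    body = ROUTES.get(route)
    return (200, body) if body is not None else (404, None)


def handle_vulnerable(raw_path: str, authenticated: bool):
    """Allowlist applied to the raw request path (insufficient input
    validation): the filter sees '/public/...', the back end serves
    whatever the traversal resolves to."""
    if not raw_path.startswith(PUBLIC_PREFIX) and not authenticated:
        return 401, None
    return dispatch(canonicalise(raw_path))


def handle_hardened(raw_path: str, authenticated: bool):
    """Decode once, refuse anything still encoded or containing dot
    segments, then apply the allowlist to the route that will be served."""
    decoded = unquote(raw_path)
    if "%" in decoded or not decoded.startswith("/"):
        return 400, None           # double encoding or malformed path
    if any(segment in (".", "..") for segment in decoded.split("/")):
        return 400, None           # traversal is never legitimate here
    route = canonicalise(decoded)  # only strips empty segments now
    if not route.startswith(PUBLIC_PREFIX) and not authenticated:
        return 401, None
    return dispatch(route)


if __name__ == "__main__":
    for path in ("/admin/export", "/public/../admin/export",
                 "/public/%2e%2e/admin/export"):
        print(path, handle_vulnerable(path, False), handle_hardened(path, False))
```

The hardened version rejects rather than normalises: a path that still contains `%` after one decode, or any `.`/`..` segment, is answered with 400, so the allowlist is only ever compared against the route the back end will actually serve. This is the check a practitioner wants in any front filter that gates access by path prefix.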
Mitel has also released a patch to address this vulnerability. Users are urged to apply the latest security updates to ensure the ongoing protection of their MiCollab systems.
These discoveries highlight the importance of continuous security vigilance and the need for timely patching to mitigate vulnerabilities. Organizations relying on Mitel MiCollab are strongly encouraged to review the security advisories issued by Mitel and implement the recommended security measures.
Security researchers have uncovered three vulnerabilities in Mitel’s MiCollab software, raising concerns about unauthorized access and data breaches. Two of them, tracked as CVE-2024-35286 and CVE-2024-41713, have been patched by Mitel, but a third remained unaddressed at the time of disclosure.
The watchTowr security research team, which discovered the vulnerabilities, described the unpatched flaw as an “arbitrary file read” vulnerability. A bug of this type lets an attacker read files on the targeted system, potentially exposing confidential information such as user credentials.
“Unfortunately, we’re past this period and have not seen any updates on Mitel’s Security Advisory page,” watchTowr stated in a report published on Thursday. “Since our disclosure email was sent over 100 days ago, we’ve decided to proceed and include this vulnerability within our blog post – but as of writing, it remains unpatched (albeit post-auth).”
The researchers explained that the unpatched vulnerability requires authentication to exploit. However, they noted that it can be chained with CVE-2024-41713, the authentication bypass they also discovered, so that an unauthenticated attacker can reach it and read sensitive files.
Mitel has acknowledged the vulnerabilities and released patches for CVE-2024-35286 and CVE-2024-41713. However, the company has yet to provide a timeline for addressing the unpatched arbitrary file read vulnerability, leaving users potentially exposed.
This situation underscores the importance of timely patching and responsible vulnerability disclosure. Organizations relying on Mitel’s MiCollab software should closely monitor Mitel’s security advisories and apply patches as soon as they become available.
## Mitel MiCollab Vulnerability: A Security Expert Weighs In
**World Today News:** We’ve seen reports of a serious vulnerability in Mitel MiCollab impacting thousands of businesses worldwide. What can you tell us about this threat?
**Security Expert:** This situation is definitely concerning. Cybersecurity researchers at watchTowr uncovered two critical vulnerabilities in Mitel MiCollab, a popular platform used for collaborative dialog. The first, a SQL injection flaw (CVE-2024-35286), could allow attackers to gain complete control of the underlying database, potentially exposing sensitive user information and disrupting critical services.
Thankfully, Mitel quickly addressed this issue with a patch released in May. It’s crucial for businesses to update their systems to the latest version promptly.
**World Today News:** What about the second vulnerability you mentioned?
**Security Expert:** The second vulnerability, CVE-2024-41713, is even more worrying. It’s an authentication bypass flaw, meaning attackers could potentially bypass standard security measures and gain unauthorized access to the system. This could expose sensitive files, allowing attackers to read, modify, or even delete them.
**World Today News:** We understand watchTowr waited over 100 days for a patch from Mitel before disclosing details publicly. What are your thoughts on responsible disclosure practices in such cases?
**Security Expert:** Responsible disclosure is a delicate balance. On one hand, vendors need time to develop and implement patches for vulnerabilities. Public disclosure before a patch is available could leave thousands vulnerable to attacks.
Conversely, transparency and timely disclosure are essential for fostering trust and accountability. In this case, watchTowr clearly felt Mitel’s response time was inadequate, leading them to make the vulnerability public. It highlights the importance of open communication and collaborative efforts between researchers and vendors.
**World Today News:** What should businesses using Mitel MiCollab do right now?
**Security Expert:**
* **Prioritize Updating:** The most critical step is to immediately check if your Mitel MiCollab system is updated to the latest version. If not, apply the patch quickly.
* **Monitor Systems:** Actively monitor your MiCollab systems for any suspicious activity. Look for any unusual login attempts, file changes, or system behavior.
* **Review Security Practices:** This incident is a stark reminder of the importance of comprehensive cybersecurity practices. Review your incident response plan, back up critical data regularly, and consider implementing additional security measures like multi-factor authentication.
**Security Expert:** This vulnerability underscores the constant threat facing businesses in today’s digital landscape. Cybercriminals are always looking for weaknesses, and platforms like Mitel MiCollab are prime targets due to their widespread adoption. By staying informed and taking proactive steps, businesses can better protect themselves from these evolving threats.