The Register: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

Dec 6, 2024

—

Source URL: https://www.theregister.com/2024/12/06/mitel_micollab_0day/
Source: The Register
Title: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

Feedly Summary: Still unpatched 100+ days later, watchTowr says
A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive files on vulnerable instances. …

AI Summary and Description: Yes

Summary: The text discusses a critical zero-day vulnerability in Mitel MiCollab, an enterprise collaboration tool, which can be exploited alongside previously patched vulnerabilities. This highlights the ongoing risks associated with software security in collaboration platforms. The situation underscores the urgency in patching identified vulnerabilities to prevent unauthorized access to sensitive data.

Detailed Description:
The article outlines significant security flaws affecting Mitel MiCollab, emphasizing the potential consequences of unpatched vulnerabilities in software tools widely used for business communications. Key points include:

– **Vulnerability Overview**:
– A zero-day arbitrary file read vulnerability allows attackers to access sensitive files after chaining it with a previously patched SQL injection vulnerability.
– These exploits expose over 16,000 instances of Mitel MiCollab to cybercriminals, particularly appealing to ransomware gangs.

– **Exploits Discovered by watchTowr**:
– watchTowr discovered a critical SQL injection vulnerability (CVE-2024-35286) rated 9.8, which could enable unauthenticated access to sensitive database information.
– The team also found an authentication bypass vulnerability (CVE-2024-41713) due to poor input validation, opening the door to potential path traversal attacks.

– **Timing and Patching Issues**:
– The discovery and disclosure process took over 100 days without a fix from Mitel, raising concerns about vendor responsiveness to security vulnerabilities.
– The arbitrary file read flaw still lacks a patch, highlighting a prevalent issue around timely security responsiveness in the software industry.

– **Consequences**:
– If exploited, these vulnerabilities can lead to unauthorized access to sensitive information, manipulation of system configurations, and potential large-scale breaches of user data.

This information is vital for security and compliance professionals involved in protecting enterprise communication tools. It calls attention to the need for robust security protocols, prompt patch management, and continual vigilance in monitoring software vulnerabilities.

1 2 2024 4 a access AI art as attack attackers authentication Authentication Bypass authentication bypass vulnerability AWS breach breaches Bug business by bypass C chain collaboration communication communication tools Communications. compliance compliance professionals Configuration core critical CVE cyber cybercriminal cybercriminals D data database day day vulnerability disclosure e end enterprise ERP event exp exploit exploit chain exploit chains exploits for g Gen GIS Go gs high Highlight http HTTPS ICO in industry information injection Injection vulnerability input validation ite k l Labor large law led long low management manipulation MiCollab Mitel monitoring monitoring software no NPU o of on open over Patch Patch Management patching path traversal PoC pre professionals prompt protocol raising ransom ransomware ransomware gang RCE Risk risks robust security s Scale sec security security and compliance Security Flaw security flaws security protocols Security Vulnerabilities sensitive data sensitive files sensitive information side Sig SoC software software industry software security software vulnerabilities source sql SSE system T text the to tools Tor unauthenticated unauthorized access user user data uth Validation vendor Vendor Responsiveness vigilance vulnerabilities vulnerability Watchtowr Wi x zero zero-day zero-day vulnerability