- Description
- A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Mitel MiCollab Path Traversal Vulnerability
- Exploit added on
- Jan 7, 2025
- Exploit action due
- Jan 28, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
CVE-2024-41713 Authentication Bypass Leading to Arbitrary File Read in Mitel MiCollab. First, the authentication Bypass and SQL Injection vulnerabilities were discovered, and the vulnerability was disclosed to Mitel PSIRT. By using this flaw, a path traversal attack could be done http
@PPHM_HackerNews
23 Mar 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has flagged 3 actively exploited vulnerabilities—two in Mitel MiCollab and one in Oracle WebLogic Server. ⤷ CVE-2024-41713: Remote access via path traversal. ⤷ CVE-2024-55550: Exploited by attackers with admin privileges. ⤷ CVE-2020-2883: A high-severity… https://t.co/i
@achi_tech
3 Feb 2025
246 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I've been analyzing newly disclosed vulnerabilities in popular systems, including Mitel MiCollab (CVE-2024-41713, CVE-2024-35286), Zyxel Firewalls (CVE-2024-11667), and Microsoft Windows (CVE-2024-35250, CVE-2024-49138). Ivanti is also affected (CVE-2025-0282, CVE-2025-0283).
@agentwhitehat
15 Jan 2025
232 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
https://t.co/KiDuAzK7Fd 🚨 #Cybersécurité | Critical alert on MiCollab. Two major flaws discovered in Mitel's MiCollab: * CVE-2024-41713: Critical vulnerability (9.8/10) * CVE-2024-55550: Access to system files ➡️ Urgent update: MiCollab 9.8 SP2 required
@AloneDeParis
13 Jan 2025
18 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-41713 #Mitel #MiCollab Path Traversal Vulnerability https://t.co/q6ri6fQ9Xe
@ScyScan
9 Jan 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE CISA ALERT! Three critical vulnerabilities added to the CISA KEV catalog. CVE-2024-41713: A Path Traversal Vulnerability in Mitel MiCollab that could allow unauthorized access to sensitive files. Immediate mitigation is necessary to prevent attackers from… https:/
@Loginsoft_Inc
8 Jan 2025
45 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
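Where There’s Smoke, There’s Fire. This report provides an in-depth analysis of Mitel MiCollab's CVE-2024-35286, CVE-2024-41713, and an undisclosed zero-day vulnerability, revealing the serious security risks facing the product. The report details the causes, impact, and exploitation methods of the vulnerabilities. @watchtowrcyber PoC: https://t.co/mo7ePVwjgT https://t.co/Ew31fl5uKo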
@ZhupuW28641
8 Jan 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Absolute madness from CISA for this exploitation, two in Mitel MiCollab and one in Oracle WebLogic Server. 👽 • CVE-2024-41713: Remote access. • CVE-2024-55550: Exploited by attackers with admin privileges. • CVE-2020-2883: A high-severity vulnerability in Oracle WebLogic.
@byt3n33dl3
8 Jan 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HelpNet] Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers. CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities... https://t.co/vCdTJ0Mu3h
@shah_sheikh
8 Jan 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has flagged 3 actively exploited vulnerabilities—two in Mitel MiCollab and one in Oracle WebLogic Server. ⤷ CVE-2024-41713: Remote access via path traversal. ⤷ CVE-2024-55550: Exploited by attackers with admin privileges. ⤷ CVE-2020-2883: A high-severity vulnerability in… h
@TheHackersNews
8 Jan 2025
41471 Impressions
41 Retweets
103 Likes
14 Bookmarks
1 Reply
0 Quotes
🚨 New @FortiGuardLabs Outbreak Alert: Security vulnerabilities in Mitel MiCollab have been uncovered, including CVE-2024-35286, CVE-2024-41713, and an arbitrary file read zero-day ⮕ https://t.co/ysYHPdG7Te https://t.co/UcndYU4blR
@KazuMiyanishi
18 Dec 2024
28 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New @FortiGuardLabs Outbreak Alert: Security vulnerabilities in Mitel MiCollab have been uncovered, including CVE-2024-35286, CVE-2024-41713, and an arbitrary file read zero-day ⮕ https://t.co/tVABv1FIH0 https://t.co/LbU5Vd1iX4
@NaderAbdulrahma
14 Dec 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New @FortiGuardLabs Outbreak Alert: Security vulnerabilities in Mitel MiCollab have been uncovered, including CVE-2024-35286, CVE-2024-41713, and an arbitrary file read zero-day ⮕ https://t.co/kPZJMm4eIG https://t.co/oW3bbD8G5a
@ujdmc
13 Dec 2024
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New #FortiGuardLabs Outbreak Alert: Security vulnerabilities in Mitel MiCollab have been uncovered, including CVE-2024-35286, CVE-2024-41713, and an arbitrary file read zero-day ⮕ https://t.co/KMeN9xWHti https://t.co/rcmldpKPmq
@FortiGuardLabs
13 Dec 2024
5975 Impressions
5 Retweets
30 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-38144 2 - CVE-2024-41713 3 - CVE-2024-39343 4 - CVE-2024-11667 5 - CVE-2024-49019 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
9 Dec 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/🚨 Critical Mitel MiCollab Vulnerability (CVE-2024-41713) 🚨 A 9.8 CVSS-rated flaw exposes systems to unauthorized file access & admin control. Mitel urges users to update to version 9.8 SP2 to patch this high-risk vulnerability. Stay secure!
@firexcore
9 Dec 2024
26 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Detect Mitel MiCollab - Authentication Bypass (CVE-2024-41713) & Arbitrary File Read with Nuclei 🚀 👉 https://t.co/qbFUceEGg3 👉 https://t.co/v35tZzGzyh Nuclei Templates by @DhiyaneshDK Research: https://t.co/CB7CggxlW6 by @watchtowrcyber #hackwithautomation #Cybersecuri
@pdnuclei
8 Dec 2024
739 Impressions
2 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day https://t.co/EESdexg8g6
@akaclandestine
8 Dec 2024
554 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
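A PoC (proof-of-concept attack code) has been published for the (unpatched) vulnerability in Mitel MiCollab. It comes from WatchTowr, the company that reported the vulnerability. CVE-2024-41713 has a CVSS score of 9.8 and is a path traversal. More than 100 days have passed since the initial report, and Mitel updated its advisory following the disclosure. https://t.co/6rPYvklt7P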
@__kokumoto
7 Dec 2024
475 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️ A new zero-day vulnerability (CVE-2024-41713) in Mitel MiCollab has emerged, with a PoC exploit in the wild. Discover its risks and learn how to protect your systems in our latest blog: https://t.co/O6NWBDIh6u #CyberSecurity #ZeroDay #ThreatIntelligence
@socradar
6 Dec 2024
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: #Mitel: PoCs available for CVE-2024-41713, CVE-2024-35286 and for a zero-day vulnerability affecting the #MiCollab product. Risk: 🔴 Type: 🔸Arbitrary File Read 🔸Authentication Bypass 🔸Data Manipulation 🔗 https://t.co/s9aH02PmWP… https://t.co/ttMr0Y0ZqI
@Vulcanux_
6 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-35286 & CVE-2024-41713:Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access thanks @watchtowrcyber for the POC... #bugbountytips #cve https://t.co/6L1j4mrP7T
@AbdeladimeMk
6 Dec 2024
82 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
"Critical flaw (CVE-2024-41713) in Mitel MiCollab exposed systems to unauthorized access. Researchers have released a PoC exploit. Make sure all systems are updated! #CyberSecurity #PatchAlert" (More info 👉 [shortened link]) https://t.co/qJPDDuRc9p
@SalvadorCloud
6 Dec 2024
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2024-35286 & CVE-2024-41713:Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access 🔥PoC: https://t.co/QZo7rhmCZN 🧐Deep Dive:https://t.co/3gIWyy7QfE 📊 14K+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:… https:/
@HunterMapping
6 Dec 2024
2046 Impressions
12 Retweets
32 Likes
12 Bookmarks
1 Reply
1 Quote
GitHub - watchtowrlabs/Mitel-MiCollab-Auth-Bypass_CVE-2024-41713 - https://t.co/PHeTvJ7LTM
@piedpiper1616
6 Dec 2024
609 Impressions
4 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 A critical vulnerability (CVE-2024-41713) in Mitel MiCollab could let attackers access sensitive system files and potentially perform unauthorized administrative actions without authentication. Full details here: https://t.co/fVRaNuExiD @RedHatPentester https://t.co/CMZIQwY
@SamTechwest
5 Dec 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical #vulnerability (CVE-2024-41713) in Mitel MiCollab could let attackers access sensitive system files and potentially perform unauthorized administrative actions without authentication. Full details here: https://t.co/Wqyo9uluSP #hacking #cybersecurity
@TheHackersNews
5 Dec 2024
2144 Impressions
2 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day https://t.co/8Iqyd3smq8
@tbbhunter
5 Dec 2024
704 Impressions
4 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day - watchTowr Labs https://t.co/6M2WpzsebG https://t.co/L43YZStK7e
@secharvesterx
5 Dec 2024
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-41713 A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct … https://t.co/Ysjk38LkXt
@CVEnew
24 Oct 2024
315 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-41713 Path Traversal Vulnerability in Mitel MiCollab Enables Data Breach A weakness is found in the NuPoint Unified Messaging part of Mitel MiCollab up to version 9.8 SP1 FP2 (9.8.1.201). This flaw could... https://t.co/v6koU9e5H1
@VulmonFeeds
22 Oct 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C99C6FC-75C9-4886-ACF0-997A750E10F0",
            "versionEndIncluding": "9.8.1.201"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]