- Description
- A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Mitel MiCollab Path Traversal Vulnerability
- Exploit added on
- Jan 7, 2025
- Exploit action due
- Jan 28, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
CISA has flagged 3 actively exploited vulnerabilities—two in Mitel MiCollab and one in Oracle WebLogic Server. ⤷ CVE-2024-41713: Remote access via path traversal. ⤷ CVE-2024-55550: Exploited by attackers with admin privileges. ⤷ CVE-2020-2883: A high-severity… https://t.co/i
@achi_tech
3 Feb 2025
246 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I've been analyzing newly disclosed vulnerabilities in popular systems, including Mitel MiCollab (CVE-2024-41713, CVE-2024-35286), Zyxel Firewalls (CVE-2024-11667), and Microsoft Windows (CVE-2024-35250, CVE-2024-49138). Ivanti is also affected (CVE-2025-0282, CVE-2025-0283).
@agentwhitehat
15 Jan 2025
232 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
https://t.co/KiDuAzK7Fd 🚨 #Cybersécurité | Alerte critique sur MiCollab Deux failles majeures découvertes dans MiCollab de Mitel : * CVE-2024-41713 : Vulnérabilité critique (9.8/10) * CVE-2024-55550 : Accès aux fichiers système ➡️ Mise à jour urgente : MiCollab 9.8 SP2 requise
@AloneDeParis
13 Jan 2025
18 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-41713 #Mitel #MiCollab Path Traversal Vulnerability https://t.co/q6ri6fQ9Xe
@ScyScan
9 Jan 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE CISA ALERT! Three critical vulnerabilities added to the CISA KEV catalog. CVE-2024-41713: A Path Traversal Vulnerability in Mitel MiCollab that could allow unauthorized access to sensitive files. Immediate mitigation is necessary to prevent attackers from… https:/
@Loginsoft_Inc
8 Jan 2025
45 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Where There’s Smoke, There’s Fire 这篇报告深入剖析了 Mitel MiCollab 的 CVE-2024-35286、CVE-2024-41713 以及一个未公开的零日漏洞,揭示了该产品面临的严重安全风险。报告详细阐述了漏洞的成因、影响以及利用方式。 @watchtowrcyber Poc:https://t.co/mo7ePVwjgT https://t.co/Ew31fl5uKo
@ZhupuW28641
8 Jan 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Absolute madness from CISA for this exploitation, two in Mitel MiCollab and one in Oracle WebLogic Server. 👽 • CVE-2024-41713: Remote access. • CVE-2024-55550: Exploited by attackers with admin privileges. • CVE-2020-2883: A high-severity vulnerability in Oracle WebLogic.
@byt3n33dl3
8 Jan 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HelpNet] Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers. CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities... https://t.co/vCdTJ0Mu3h
@shah_sheikh
8 Jan 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has flagged 3 actively exploited vulnerabilities—two in Mitel MiCollab and one in Oracle WebLogic Server. ⤷ CVE-2024-41713: Remote access via path traversal. ⤷ CVE-2024-55550: Exploited by attackers with admin privileges. ⤷ CVE-2020-2883: A high-severity vulnerability in… h
@TheHackersNews
8 Jan 2025
41471 Impressions
41 Retweets
103 Likes
14 Bookmarks
1 Reply
0 Quotes
🚨 New @FortiGuardLabs Outbreak Alert: Security vulnerabilities in Mitel MiCollab have been uncovered, including CVE-2024-35286, CVE-2024-41713, and an arbitrary file read zero-day ⮕ https://t.co/ysYHPdG7Te https://t.co/UcndYU4blR
@KazuMiyanishi
18 Dec 2024
28 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New @FortiGuardLabs Outbreak Alert: Security vulnerabilities in Mitel MiCollab have been uncovered, including CVE-2024-35286, CVE-2024-41713, and an arbitrary file read zero-day ⮕ https://t.co/tVABv1FIH0 https://t.co/LbU5Vd1iX4
@NaderAbdulrahma
14 Dec 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New @FortiGuardLabs Outbreak Alert: Security vulnerabilities in Mitel MiCollab have been uncovered, including CVE-2024-35286, CVE-2024-41713, and an arbitrary file read zero-day ⮕ https://t.co/kPZJMm4eIG https://t.co/oW3bbD8G5a
@ujdmc
13 Dec 2024
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New #FortiGuardLabs Outbreak Alert: Security vulnerabilities in Mitel MiCollab have been uncovered, including CVE-2024-35286, CVE-2024-41713, and an arbitrary file read zero-day ⮕ https://t.co/KMeN9xWHti https://t.co/rcmldpKPmq
@FortiGuardLabs
13 Dec 2024
5975 Impressions
5 Retweets
30 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-38144 2 - CVE-2024-41713 3 - CVE-2024-39343 4 - CVE-2024-11667 5 - CVE-2024-49019 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
9 Dec 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/🚨 Critical Mitel MiCollab Vulnerability (CVE-2024-41713) 🚨 A 9.8 CVSS-rated flaw exposes systems to unauthorized file access & admin control. Mitel urges users to update to version 9.8 SP2 to patch this high-risk vulnerability. Stay secure!
@firexcore
9 Dec 2024
26 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Detect Mitel MiCollab - Authentication Bypass (CVE-2024-41713) & Arbitary File Read with Nuclei 🚀 👉 https://t.co/qbFUceEGg3 👉 https://t.co/v35tZzGzyh Nuclei Templates by @DhiyaneshDK Research: https://t.co/CB7CggxlW6 by @watchtowrcyber #hackwithautomation #Cybersecuri
@pdnuclei
8 Dec 2024
739 Impressions
2 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day https://t.co/EESdexg8g6
@akaclandestine
8 Dec 2024
554 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mitel MiCollabの脆弱性(未修正)に対応するPoC(攻撃の概念実証コード)が公開。脆弱性を報告したWatchTowr社によるもの。CVE-2024-41713はCVSSスコア9.8で、パストラバーサル。当初報告からは100日以上経過しており、Mitel社はの開示をうけアドバイザリを更新。 https://t.co/6rPYvklt7P
@__kokumoto
7 Dec 2024
475 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️ A new zero-day vulnerability (CVE-2024-41713) in Mitel MiCollab has emerged, with a PoC exploit in the wild. Discover its risks and learn how to protect your systems in our latest blog: https://t.co/O6NWBDIh6u #CyberSecurity #ZeroDay #ThreatIntelligence
@socradar
6 Dec 2024
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: #Mitel: disponibili PoC per le CVE-2024-41713, CVE-2024-35286 e per una vulnerabilità zero-day relative al prodotto #MiCollab Rischio: 🔴 Tipologia: 🔸Arbitrary File Read 🔸Authentication Bypass 🔸Data Manipulation 🔗 https://t.co/s9aH02PmWP… https://t.co/ttMr0Y0ZqI
@Vulcanux_
6 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-35286 & CVE-2024-41713:Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access thanks @watchtowrcyber for the POC... #bugbountytips #cve https://t.co/6L1j4mrP7T
@AbdeladimeMk
6 Dec 2024
82 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
"Critical flaw (CVE-2024-41713) in Mitel MiCollab exposed systems to unauthorized access. Researchers have released a PoC exploit. Make sure all systems are updated! #CyberSecurity #PatchAlert" (More info 👉 [shortened link]) https://t.co/qJPDDuRc9p
@SalvadorCloud
6 Dec 2024
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2024-35286 & CVE-2024-41713:Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access 🔥PoC: https://t.co/QZo7rhmCZN 🧐Deep Dive:https://t.co/3gIWyy7QfE 📊 14K+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:… https:/
@HunterMapping
6 Dec 2024
2046 Impressions
12 Retweets
32 Likes
12 Bookmarks
1 Reply
1 Quote
GitHub - watchtowrlabs/Mitel-MiCollab-Auth-Bypass_CVE-2024-41713 - https://t.co/PHeTvJ7LTM
@piedpiper1616
6 Dec 2024
609 Impressions
4 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 A critical vulnerability (CVE-2024-41713) in Mitel MiCollab could let attackers access sensitive system files and potentially perform unauthorized administrative actions without authentication. Full details here: https://t.co/fVRaNuExiD @RedHatPentester https://t.co/CMZIQwY
@SamTechwest
5 Dec 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical #vulnerability (CVE-2024-41713) in Mitel MiCollab could let attackers access sensitive system files and potentially perform unauthorized administrative actions without authentication. Full details here: https://t.co/Wqyo9uluSP #hacking #cybersecurity
@TheHackersNews
5 Dec 2024
2144 Impressions
2 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day https://t.co/8Iqyd3smq8
@tbbhunter
5 Dec 2024
704 Impressions
4 Retweets
11 Likes
1 Bookmark
0 Replies
0 Quotes
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day - watchTowr Labs https://t.co/6M2WpzsebG https://t.co/L43YZStK7e
@secharvesterx
5 Dec 2024
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-41713 A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct … https://t.co/Ysjk38LkXt
@CVEnew
24 Oct 2024
315 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-41713 Path Traversal Vulnerability in Mitel MiCollab Enables Data Breach A weakness is found in the NuPoint Unified Messaging part of Mitel MiCollab up to version 9.8 SP1 FP2 (9.8.1.201). This flaw could... https://t.co/v6koU9e5H1
@VulmonFeeds
22 Oct 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "0C99C6FC-75C9-4886-ACF0-997A750E10F0",
"versionEndIncluding": "9.8.1.201"
}
],
"operator": "OR"
}
]
}
]