virus logo Endpoint Vulnerability

Mitel MiCollab CVE-2024-35286 Access Control Bypass Vulnerability

description-logoDescription

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations.

description-logoOutbreak Alert

Security flaws in Mitel MiCollab, CVE-2024–35286, CVE-2024–41713, and an arbitrary file read zero-day (still without a CVE number) have been found, putting many organizations at risk. These vulnerabilities allow attackers to bypass authentication and access files on affected servers, revealing sensitive information that could expose organizations to serious security risks.

View the full Outbreak Alert Report

affected-products-logoAffected Applications

MiCollab

Version Updates

Date Version Status Detail
2024-12-13 1.00789
Modified
 MiCollab
2024-12-06 1.00786
New
 MiCollab

References

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0014
ID 5968
Created Dec 06, 2024
Description
Updated		 Dec 13, 2024
CVE ID
Tags Mitel MiCollab Unauthorized Access Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Mitel Networks
Patch manual
Application MiCollab