Mitel MiCollab Unauthorized Access

What is the attack?

Security flaws in Mitel MiCollab, CVE-2024–35286 and CVE-2024–41713, have been found, putting many organizations at risk. These vulnerabilities allow attackers bypass authentication and access files on affected servers, revealing sensitive information that could expose organizations to serious security risks.

Mitel MiCollab is a popular solution that combines voice calling, video calling, chat, file sharing, screen sharing, and more into one platform for enterprise communications.

What is the recommended Mitigation?

Mitel has released fixes for the vulnerabilities. Organizations that have not implemented the latest patch are advised to do so immediately and monitor vendor advisories for further patch releases and information.

What FortiGuard Coverage is available?

• FortiGuard recommends users to apply the patch and follow any mitigation steps provided by the vendor if not done already.

• The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

• The FortiGuard Endpoint Vulnerability Service is available to detect vulnerable systems related to "Mitel MiCollab CVE-2024-35286 Access Control Bypass Vulnerability" FortiClient Vulnerability | FortiGuard Labs

• FortiGuard IPS protection is added for CVE-2024–35286, CVE-2024–41713, plus a no-CVE, Zero-day (Arbitrary File Read) vulnerability. https://www.fortiguard.com/updates/ips?version=29.919