Chained for max impression
One of many Mitel flaws, tracked as CVE-2024-41713, is a important (CVSS 9.8/10) path traversal vulnerability within the NuPoint Unified Messaging element of Mitel MiCollab that might enable an unauthenticated attacker to use an absence of adequate enter validation to achieve unauthorized entry and examine, corrupt or delete person knowledge and system configurations.
The opposite flaw, tracked as CVE-2024-55550 and rated reasonably extreme (CVSS 4.4/10), is one other path traversal vulnerability that might enable authenticated attackers learn admin degree recordsdata on native system resulting from inadequate enter sanitization. The flaw, nevertheless, doesn’t enable file modification or privilege escalation, Mitel had stated in an October 2024 disclosure.
Whereas technical particulars of the exploitation weren’t disclosed within the CISA replace, it is very important notice that these vulnerabilities might be chained collectively to permit distant attackers to learn delicate system recordsdata.
