Chained for maximum effect
One of the Mitel flaws, tracked as CVE-2024-41713, is a critical (CVSS 9.8/10) path traversal vulnerability in the NuPoint Unified Messaging component of Mitel MiCollab. It could allow an unauthenticated attacker to exploit insufficient input validation to gain unauthorized access and view, corrupt or delete user data and system configurations.
The other flaw, tracked as CVE-2024-55550 and rated moderately severe (CVSS 4.4/10), is another path traversal vulnerability that could allow authenticated attackers to read admin-level information on the local system because of insufficient input sanitization. The flaw, however, does not allow file modification or privilege escalation, Mitel said in an October 2024 disclosure.
While technical details of the exploitation were not disclosed in the CISA update, it is important to note that these vulnerabilities can be chained together to allow remote attackers to read sensitive system information.