    Unveiling a Critical Vulnerability in Mitel MiCollab: A Gateway to Unauthorized Access

    In a stark revelation, cybersecurity specialists have unveiled a proof-of-concept (PoC) exploit that interweaves a recently resolved critical vulnerability in Mitel MiCollab with an arbitrary file read zero-day flaw. This sophisticated amalgamation empowers attackers with the ability to pilfer files from susceptible systems, casting a shadow over the software’s resilience.

    The Vulnerability Decoded: CVE-2024-41713

    This high-severity flaw, cataloged as CVE-2024-41713 with a staggering CVSS rating of 9.8, stems from inadequate input validation in the NuPoint Unified Messaging (NPM) module of MiCollab. Such lapses permit path traversal attacks, exposing critical server files.

    Mitel MiCollab, an integrated communication solution marrying chat, voice, video, and SMS messaging with platforms like Microsoft Teams, houses NPM—a server-based voicemail system enabling versatile access to voice messages.

    watchTowr Labs, delving deeper into a related vulnerability, CVE-2024-35286, unearthed CVE-2024-41713 during their pursuit to replicate the former’s exploitation. Both vulnerabilities share a common origin in the NPM module, with CVE-2024-35286 enabling unauthorized data access and database manipulations.

    A New Exploitation Avenue

    What distinguishes CVE-2024-41713 is its reliance on a deceptively simple technique: embedding the input string ..;/ within HTTP requests to the ReconcileWizard component. This cunning maneuver grants intruders access to the root directory of the application server, bypassing authentication measures to reveal sensitive files such as /etc/passwd.

    Furthermore, analysts at watchTowr Labs discerned that this bypass could be conjoined with an unresolved post-authentication arbitrary file read flaw, amplifying the exploit’s potency by enabling the extraction of highly sensitive data.
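
Added example (not from the article or from the researchers' work): a log check for the `..;/` pattern described above, generalised to any path segment that is `..` followed by `;` parameters and to percent-encoded variants. The combined access-log format is an assumption, and the log lines, addresses and request paths are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Assumed input: Apache/nginx "combined" access-log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines; paths are placeholders, not real product URLs.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2024:09:00:01 +0000] "GET /portal/index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2024:09:00:05 +0000] "GET /example-app/..;/ReconcileWizard/placeholder HTTP/1.1" 200 812',
    '198.51.100.7 - - [10/Oct/2024:09:00:09 +0000] "POST /example-app/%2e%2e%3b/ReconcileWizard/placeholder HTTP/1.1" 200 1443',
    '198.51.100.7 - - [10/Oct/2024:09:00:12 +0000] "GET /example-app/..%253B/ReconcileWizard/placeholder HTTP/1.1" 404 0',
    '192.0.2.22 - - [10/Oct/2024:09:01:00 +0000] "GET /files/report;v=2/summary.pdf HTTP/1.1" 200 900',
    '192.0.2.22 - - [10/Oct/2024:09:01:03 +0000] "GET /search?q=..;/ HTTP/1.1" 200 100',
]

def fully_decode(text: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            return text
        text = decoded
    return text

def has_semicolon_traversal(target: str) -> bool:
    """True if a path segment is '..' carrying ';' parameters, e.g. '..;/'."""
    path = fully_decode(target.split("?", 1)[0])  # inspect the path, not the query
    for segment in path.split("/"):
        name, sep, _params = segment.partition(";")
        if sep and name == "..":
            return True
    return False

def scan(lines):
    """Return (client_ip, status, request_target) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_semicolon_traversal(m["target"]):
            findings.append((m["ip"], int(m["status"]), m["target"]))
    return findings

if __name__ == "__main__":
    for ip, status, target in scan(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

Hits that returned a 2xx status on an unpatched server are the ones to triage first, since they indicate the request was served rather than rejected.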

    Implications of the Exploit

    Mitel, in its advisory, underscored the grave ramifications of this vulnerability. Exploitation could jeopardize system confidentiality, integrity, and availability, granting unauthorized access to provisioning information and enabling illicit administrative actions.

    The flaw was addressed in MiCollab version 9.8 SP2 (9.8.2.12) on October 9, 2024, following a responsible disclosure process.

    Insights from the Investigation

    Reflecting on the findings, researcher Sonny Macdonald highlighted the broader lessons from this probe. “This underscores the reality that full source code access isn’t a prerequisite for vulnerability research,” Macdonald remarked. “Armed with detailed CVE descriptions and adept search capabilities, researchers can unveil critical weaknesses even in off-the-shelf software solutions.”

    Addressing Adjacent Vulnerabilities

    Mitel’s MiCollab 9.8 SP2 also rectified another critical SQL injection vulnerability, CVE-2024-47223 (CVSS score: 9.4). Found in the Audio, Web, and Video Conferencing (AWV) module, this flaw posed severe risks, from data exposure to system disruption via arbitrary database queries.

    Broader Implications

    This disclosure aligns with parallel findings by Rapid7, who reported vulnerabilities in Lorex 2K Indoor Wi-Fi Security Cameras (CVE-2024-52544 to CVE-2024-52548). When combined, these weaknesses enable unauthenticated attackers to reset admin credentials, gain access to live feeds, and even execute remote code with root privileges.

    Researcher Stephen Fewer elaborated on the exploit chain: “Phase one exploits an authentication bypass, allowing attackers to reset admin credentials. Phase two leverages this access to execute a stack-based buffer overflow, ultimately gaining root-level command execution.”

    As these revelations unfold, they spotlight the intricate dance between attackers and defenders in the ever-evolving landscape of cybersecurity, urging organizations to fortify their defenses against such multifaceted threats.