Introduction
A critical vulnerability has been identified in the Mitel MiCollab enterprise VoIP platform, affecting versions up to 98 SP1 FP2 (98.1.201). This vulnerability, along with another significant issue, has been addressed in the latest update. Users are urged to upgrade to mitigate potential security risks.
Description
A critical vulnerability has been discovered in the Mitel MiCollab enterprise VoIP platform, affecting version 98 SP1 FP2 (98.1.201) and earlier [1]. This path traversal flaw lets attackers reach administrative features without authentication, which amounts to an authentication bypass [1]. Mitel assigned the issue CVE-2024-41713 [1] and addressed it in version 98 SP2 (98.2.12), released on October 9, 2024 [4]. The same update also fixes another critical vulnerability, CVE-2024-47223, in the Audio, Web, and Video Conferencing (AWV) component, which carries a CVSS score of 9.4 [1] [2] [4]. The patch also defeats the published proof-of-concept demonstration of the exploit.
Researchers have identified, however, that the ReconcileWizard servlet, which is used for saving or viewing system reports, is itself susceptible to path traversal, enabling unauthorized reads of arbitrary files on the system [1]. The exploit was demonstrated by chaining the authentication bypass with the ReconcileWizard arbitrary file read, yielding access to sensitive files such as /etc/passwd on the underlying Linux system.
To mitigate these vulnerabilities, all MiCollab users should upgrade to version 98 SP2 (98.2.12) or later [4], or apply the patch available for releases 97 and above [2]. Additionally, organizations should restrict access to the MiCollab server to trusted IP ranges or internal networks and implement firewall rules to block unauthorized external access [3]. Monitoring logs for suspicious activity targeting the ReconcileWizard servlet, and for unexpected access to sensitive files or configuration data, is crucial [3]. Where possible, disabling or restricting access to the ReconcileWizard servlet further reduces exposure [3]. A workaround has also been published to address the immediate risk. Until Mitel resolves the CVE-less zero-day [2], organizations are advised to apply the latest available patches to reduce the risk of exploitation.
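As an added illustration of the log-monitoring advice above (example code, not from the original article or from Mitel), the following Python scanner normalizes request paths in web-server access logs and flags ReconcileWizard requests that carry traversal sequences or name sensitive files. The log lines and URL paths are constructed placeholders; the real servlet path and log format on a MiCollab server are assumptions to adjust for your deployment.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in combined-log style for illustration;
# these are not real MiCollab logs and the servlet paths are placeholders.
SAMPLE_LOGS = [
    '10.0.0.5 - - [05/Dec/2024:10:01:02 +0000] "GET /portal/ReconcileWizard HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Dec/2024:10:01:09 +0000] "GET /portal/..%2f..%2fReconcileWizard?reportName=..%252f..%252fetc%2fpasswd HTTP/1.1" 200 1842',
    '10.0.0.9 - - [05/Dec/2024:10:02:11 +0000] "GET /portal/login HTTP/1.1" 200 900',
    '198.51.100.2 - - [05/Dec/2024:10:03:30 +0000] "GET /ReconcileWizard/report?file=....//....//etc/shadow HTTP/1.1" 403 0',
]

# Client IP, HTTP method and request path from a combined-log-style line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/')
# Files an unauthenticated report-viewer should never be reading.
SENSITIVE_RE = re.compile(r'/etc/(passwd|shadow)')

def normalize(path):
    """Decode percent-encoding twice (catches double encoding such as %252f),
    fold backslashes to slashes and lowercase, so traversal variants compare equal."""
    return unquote(unquote(path)).replace('\\', '/').lower()

def classify(line):
    """Describe one request, or return None if the line is not a request record."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    path = normalize(m.group('path'))
    reasons = []
    if 'reconcilewizard' in path:
        reasons.append('reconcilewizard')
    if '../' in path:  # '..%2f', '..%252f', '....//' all collapse to this after normalize()
        reasons.append('traversal')
    if SENSITIVE_RE.search(path):
        reasons.append('sensitive-file')
    return {'ip': m.group('ip'), 'path': path, 'reasons': reasons,
            # Plain servlet access alone is not flagged; traversal or a sensitive target is.
            'suspicious': 'traversal' in reasons or 'sensitive-file' in reasons}

def scan(lines):
    """Return only the requests an analyst should look at."""
    return [r for r in map(classify, lines) if r and r['suspicious']]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOGS):
        print(hit['ip'], hit['reasons'], hit['path'])
```

Legitimate report requests from administrators will still appear under the 'reconcilewizard' reason without being flagged, so the source IP can be compared against the trusted ranges mentioned above.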
Conclusion
The vulnerabilities in the Mitel MiCollab platform pose significant security risks, potentially allowing unauthorized access to sensitive system files. Immediate action is required to upgrade to the latest version or apply necessary patches. Organizations should also implement network restrictions and monitor for suspicious activities to safeguard against potential exploits. Continuous vigilance and timely updates are crucial to maintaining security and mitigating future threats.
References
[1] https://www.csoonline.com/article/3618212/mitel-micollab-voip-authentication-bypass-opens-new-attack-paths.html
[2] https://www.helpnetsecurity.com/2024/12/05/mitel-micollab-zero-day-and-poc-exploit-unveiled/
[3] https://cybersecuritynews.com/mitel-micollab-zero-day-vulnerability/
[4] https://rhyno.io/blogs/cybersecurity-news/mitel-micollab-vulnerability-discovered/