PT-2024-7463 · Mitel · Mitel MiCollab

Sonny Macdonald · Published 2024-10-09 · Updated 2025-11-04 · CVE-2024-41713

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Mitel MiCollab versions 9.8 SP1 FP2 (9.8.1.201) and earlier

Description

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. This could enable the attacker to view, corrupt, or delete users' data and system configurations. The vulnerability is caused by a lack of proper validation of user input, allowing an attacker to access sensitive system files and potentially perform unauthorized administrative actions without authentication.

Recommendations

For Mitel MiCollab versions 9.8 SP1 FP2 (9.8.1.201) and earlier, update to version 9.8 SP2 or later to patch this high-risk vulnerability. As a temporary workaround, consider restricting access to the NuPoint Unified Messaging (NPM) component to minimize the risk of exploitation. Additionally, monitor for any unauthorized access or suspicious activity that could indicate exploitation of this vulnerability.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-08843
CVE-2024-41713

Affected Products

Mitel MiCollab