ACSC Issues Critical Alert for Mitel MiCollab Collaboration Software

Two vulnerabilities in a popular collaboration suite could allow malicious actors to access sensitive data.

The Australian Cyber Security Centre (ACSC) at the Australian Signals Directorate has issued a critical alert regarding two dangerous vulnerabilities in Mitel's MiCollab collaboration software suite.

“The ASD ACSC is monitoring several vulnerabilities in Mitel MiCollab collaboration software. The vulnerabilities identified are SQL injection and authentication bypass/path traversal, which may allow access to sensitive content,” the critical alert states.

“We have assessed that there is significant exposure to Mitel MiCollab vulnerabilities in Australia and that any exploitation would have a significant impact on Australian systems and networks.”

CVE-2024-35286 is a flaw in NuPoint Messenger from Mitel MiCollab, present in versions up to 9.8.0.33. This vulnerability allows an unauthenticated attacker to launch a SQL injection attack because user input is not properly sanitized. This could allow a malicious actor to execute unauthorized commands and retrieve sensitive data.

CVE-2024-41713 is a vulnerability in the NuPoint Unified Messaging component of Mitel MiCollab, present in versions up to 9.8 SP1 FP2 (9.8.1.201). This bug could allow a malicious actor to execute a path traversal attack, which could lead to that actor viewing, modifying, or even deleting user data.

Mitel has published its own vulnerability advisories, and the ACSC recommends that Mitel MiCollab users ensure their versions are up to date, be alert for suspicious activity, and implement firewall policies limiting access to the MiCollab server.

“The ASD ACSC is monitoring the situation and is able to provide assistance and advice if necessary,” the ACSC said.

“Organizations or individuals who have been affected or need assistance can contact us via 1300 CYBER1 (1300 292 371).”
