⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2025-01-28.
CVE-2024-41713 — Path Traversal in Micollab
Severity
9.1CRITICALNVD
EPSS
94.1%
top 0.09%
CISA KEV
KEVRansomware
Added 2025-01-07
Due 2025-01-28
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedOct 21
KEV addedJan 7
KEV dueJan 28
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2
Affected Packages1 packages
🔴Vulnerability Details
3💥Exploits & PoCs
1Nuclei▶
Mitel MiCollab - Authentication Bypass
🔍Detection Rules
1Suricata
▶