PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug
Briefly

A proof-of-concept exploit has been published, demonstrating how a zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a patched SQL injection flaw to access sensitive data.
Mitel MiCollab, an enterprise collaboration tool with over 16,000 users, has become a significant target for cybercriminals, especially following the discovery of multiple vulnerabilities.
watchTowr's team reported a critical SQL injection vulnerability and an authentication bypass issue in Mitel MiCollab's NuPoint Unified Messaging component. Both were patched, but they highlighted ongoing security concerns.
Patches matter, but Mitel's delay in communicating raises questions about its commitment to addressing these critical vulnerabilities promptly, and operators remain vulnerable to attacks in the meantime.
Read at The Register