Critical Mitel, Oracle flaws see active exploitation, CISA urges patching

Chained for high impact

One of Mitel’s flaws, tracked as CVE-2024-41713, is a critical vulnerability (CVSS 9.8/10) in the NuPoint Unified Messaging component of Mitel MiCollab. It could allow an unauthenticated attacker to exploit insufficient input validation to gain unauthorized access and view, corrupt or delete user data and system settings.

The second flaw, tracked as CVE-2024-55550 and rated moderately severe (CVSS 4.4/10), is another path traversal vulnerability that could allow authenticated attackers to read administrator-level files on a local system due to insufficient input sanitization. However, the bug does not allow file modification or privilege escalation, Mitel said in an October 2024 disclosure.

Although the CISA update did not disclose technical details of the exploitation, it is important to note that these vulnerabilities may be chained together to allow remote attackers to read sensitive system files.