{"id":6514,"date":"2024-12-05T15:13:03","date_gmt":"2024-12-05T21:13:03","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/bypass-bug-critical-n-day-mitel-micollab"},"modified":"2024-12-05T15:13:03","modified_gmt":"2024-12-05T21:13:03","slug":"bypass-bug-revives-critical-n-day-in-mitel-micollab","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/12\/05\/bypass-bug-revives-critical-n-day-in-mitel-micollab\/","title":{"rendered":"Bypass Bug Revives Critical N-Day in Mitel MiCollab"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Two new vulnerabilities in Mitel’s MiCollab unified communications and collaboration (UCC) platform could help expose gobs of enterprise data.<\/span><\/p>\n

MiCollab is a cross-platform application on mobile devices and desktops that combines instant messaging, SMS, phone calls, video calls, file sharing, remote desktop sharing \u2014 really any form of collaboration that occurs within an organization, save talking out loud. Organizations rely on it heavily for day-to-day business operations and, invariably, to house large amounts of personal and communications data.<\/span><\/p>\n

That’s what made CVE-2024-35286 so inconvenient when it was discovered earlier this year. This SQL injection vulnerability, resulting from a lack of user input sanitization, earned a “critical” 9.8 score in the Common Vulnerability Scoring System (CVSS) for how it allowed attackers to access important business data, and execute database and management operations at will. It came with a catch, though: A specific configuration was required to reach the vulnerable endpoint, where the treasure lay.<\/span><\/p>\n

In a new blog post, researchers from watchTowr noted that “No sensible admin would do this” \u2014 referring to the undisclosed configuration \u2014 so the risk to reliable organizations was low. However, the researchers went on to discover <\/span>a path traversal vulnerability<\/a><\/span> in MiCollab \u2014 not to mention a third, arbitrary file-read vulnerability \u2014 which rendered that one lone defense moot.<\/span><\/p>\n

The New MiCollab Exploit Chain<\/h2>\n

At Black Hat six years ago, a researcher going by the moniker Orange Tsai presented research exposing issues with how Web applications handle <\/span>path normalization<\/a><\/span>. Using special characters in URLs, attackers could trick Web servers into giving them access to files and directories they shouldn’t be able to access.<\/span><\/p>\n