Mitel has released a security advisory to address a critical severity vulnerability in Mitel MiCollab. MiCollab is a cloud-based platform that integrates chat, voice, video, and SMS messaging for teams.
The vulnerability, which has no CVE identifier at time of publish, is a “path traversal” vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow a remote unauthenticated attacker to gain unauthorised access to provisioning information and perform unauthorised administrative actions on the MiCollab server.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
December 29, 2022
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added ...
- Google Home speakers allowed hackers to snoop on conversations
December 29, 2022
A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed. While experimenting with his own Google Home mini speaker, the researcher discovered that new accounts added using the Google Home app could send ...
- Patch now: Serious Linux kernel security hole uncovered
December 23, 2022
Just what every Linux system administrator wants just before the holidays: A serious Linux kernel security bug. The Zero Day Initiative (ZDI), a zero-day security research firm, announced a new Linux kernel security bug. This hole allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions. How bad is it? ...
- OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service
December 22, 2022
Cisco Talos recently discovered nineteen vulnerabilities in OpenImageIO, an image processing library, which could lead to sensitive information disclosure, denial of service and heap buffer overflows which could further lead to code execution. OpenImageIO is an image processing library useful for conversion and processing, as well as image comparison. This library is utilized by 3D-processing software ...
- Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities
December 20, 2022
More than two years ago, a researcher, A2nkF, published the details of an interesting exploit chain on the Objective-See blog. He demonstrated the exploit chain from root privilege escalation to SIP-Bypass up to arbitrary kernel extension loading. After diving into the second vulnerability of the exploit chain, Trend Micro researchers found that Apple’s patch for this issue is ...
- Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability
December 19, 2022
On July 27, 2022, Microsoft discovered a vulnerability in macOS that can allow attackers to bypass application execution restrictions imposed by Apple’s Gatekeeper security mechanism, designed to ensure only trusted apps run on Mac devices. We developed a proof-of-concept exploit to demonstrate the vulnerability, which we call “Achilles”. Gatekeeper bypasses such as this could be ...