Mitel has released a security advisory to address a critical severity vulnerability in Mitel MiCollab. MiCollab is a cloud-based platform that integrates chat, voice, video, and SMS messaging for teams.
The vulnerability, which has no CVE identifier at time of publish, is a “path traversal” vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow a remote unauthenticated attacker to gain unauthorised access to provisioning information and perform unauthorised administrative actions on the MiCollab server.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Comcast RF Attack Leveraged Remotes for Surveillance
September 2, 2021
More details about a now-patched vulnerability in Comcast’s XR11 voice remotes have emerged, which would have made it easy for a threat actor to intercept radio frequency (RF) communications between the remote and the set-top box, effectively turning the remote into a surveillance device. The XR11 remotes are some of the most common around, with more ...
- WhatsApp patches vulnerability related to image filter functionality
September 2, 2021
Check Point Research has announced the discovery of a vulnerability in the popular messaging platform WhatsApp that allowed attackers to read sensitive information from WhatsApp’s memory. WhatsApp acknowledged the issue and released a security fix for it in February. The messaging platform — considered the most popular globally with about two billion monthly active users — had ...
- HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
August 30, 2021
Hewlett Packard Enterprise (HPE) is warning a vulnerability in Sudo, an open-source program used within its Aruba AirWave management platform, could allow any unprivileged and unauthenticated local user to gain root privileges on a vulnerable host. Rated high in severity, HPE warns the Sudo flaw could be part of a “chained attack” where an “attacker has ...
- QNAP works on patches for OpenSSL bugs impacting its NAS devices
August 30, 2021
Network-attached storage (NAS) maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities patched by OpenSSL last week. The security flaws tracked as CVE-2021-3711 and CVE-2021-3712, impact QNAP NAS device running QTS, QuTS hero, QuTScloud, and HBS 3 Hybrid Backup Sync (a backup and disaster recovery app), ...
- New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305)
August 30, 2021
Unit 42 researchers have observed exploits in the wild for a recently disclosed command injection vulnerability affecting WebSVN, an open-source web application for browsing source code. The critical command injection vulnerability was discovered and patched in May 2021. A proof of concept was released and within a week, on June 26, 2021, attackers exploited the ...
- Microsoft Breaks Silence on Barrage of ProxyShell Attacks
August 26, 2021
Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities in that were highlighted by a researcher at Black Hat earlier this month. The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange servers “to deploy ransomware or conduct other post-exploitation activities” and urging ...