Mitel has released a security advisory to address a critical severity vulnerability in Mitel MiCollab. MiCollab is a cloud-based platform that integrates chat, voice, video, and SMS messaging for teams.
The vulnerability, which has no CVE identifier at time of publish, is a “path traversal” vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow a remote unauthenticated attacker to gain unauthorised access to provisioning information and perform unauthorised administrative actions on the MiCollab server.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
May 27, 2021
Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on our findings, give additional recommendations to network defenders, and discuss potential implications for U.S.-China strategic relations. Mandiant continues to gather evidence and respond to intrusions involving compromises of Pulse ...
- Threats From a Compromised 4G/5G Campus Network
May 27, 2021
Over the past two decades, industrial sectors and everyday users have reaped the benefits of advancements in telecom technologies. At present, the catalyst and basis for future changes is 5G. A sign of this continuing development and influence for some industries is their investment in non-public networks (NPN), also commonly referred to as campus networks. The ...
- PDF Feature ‘Certified’ Widely Vulnerable to Attack
May 26, 2021
Certified portable document format (PDF) files are used to securely sign agreements between two parties while keeping the contents’ integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of attacks. Researchers from Ruhr University Bochum explained certified PDFs use two specific ...
- New Rowhammer attack exploits the design of ever-shrinking and more dense DRAM chips
May 26, 2021
Google has detailed its work discovering a new Rowhammer vulnerability dubbed “Half-Double”, which evolves the style of attack on DRAM memory first reported in 2014 and suggests the Rowhammer problem won’t go away soon. The Rowhammer attack is unusual because it aims to cause “bit flips” by rapidly and repeatedly accessing data in one memory row ...
- CVE-2021-22909- Digging Into A Ubiquiti Firmware Update Bug
May 25, 2021
Back In February, Ubiquiti released a new firmware update for the Ubiquiti EdgeRouter, fixing CVE-2021-22909/ZDI-21-601. The vulnerability lies in the firmware update procedure and allows a man-in-the-middle (MiTM) attacker to execute code as root on the device by serving a malicious firmware image when the system performs an automatic firmware update. The vulnerability was discovered ...
- VMware warns of critical bug affecting all vCenter Server installs
May 25, 2021
VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. “These updates fix a critical security vulnerability, and it needs to be considered at once,” said Bob Plankers, Technical Marketing Architect at VMware. Read more… Source: Bleeping Computer