Mitel has released a security advisory to address a critical severity vulnerability in Mitel MiCollab. MiCollab is a cloud-based platform that integrates chat, voice, video, and SMS messaging for teams.
The vulnerability, which has no CVE identifier at time of publish, is a “path traversal” vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow a remote unauthenticated attacker to gain unauthorised access to provisioning information and perform unauthorised administrative actions on the MiCollab server.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- macOS malware used run-only AppleScripts to avoid detection for five years
January 12, 2021
For more than five years, macOS users have been the targets of a sneaky malware operation that used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs. Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised in pirated (cracked) ...
- Investigation launched into vulnerabilities found within US Judiciary case file system
January 8, 2021
The United States Judiciary has announced an audit into its systems, following concerns its case file system has been compromised. In making the announcement, the Judiciary said the Administrative Office of the US Courts was working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files ...
- Nvidia releases security update for high-severity graphics driver vulnerabilities
January 8, 2021
Nvidia has released a round of security fixes tackling high-severity issues in the Nvidia GPU display driver and vGPU software. Released on Thursday, the technology giant said the patches deal with issues that “may lead to denial of service, escalation of privileges, data tampering, or information disclosure.” In total, Nvidia has resolved 16 vulnerabilities linked to the ...
- Windows PsExec zero-day vulnerability gets a free micropatch
January 7, 2021
A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft’s Windows PsExec management tool is now available through the 0patch platform. PsExec is a fully interactive telnet-replacement that allows system admins to execute programs on remote systems. PsExec tool is also integrated into and used by enterprise tools to remotely launch executables on other ...
- Telegram Triangulation Pinpoints Users’ Exact Locations
January 5, 2021
A feature that allows Telegram users to see who’s nearby can be misused to pinpoint your exact distance to other users – by spoofing one’s latitude and longitude. According to bug-hunter Ahmed Hassan, the “People Nearby” feature could allow an attacker to triangulate the location of unsuspecting Telegram users. The feature is disabled by default, but ...
- Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
January 2, 2021
More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets ...