CVERadar

CVE-2024-35286

High Severity
SVRS: 40/100
CVSSv3: NA/10
EPSS: 0.74977/1

CVE-2024-35286: Mitel MiCollab NuPoint Messenger is vulnerable to SQL Injection, potentially allowing unauthorized database access. CVE-2024-35286 affects Mitel MiCollab through version 9.8.0.33. An unauthenticated attacker can exploit this vulnerability by injecting malicious SQL commands due to insufficient input sanitization. Although the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) is 40, indicating a moderate risk. Successful exploitation could lead to the disclosure of sensitive information and the execution of arbitrary database operations. Organizations using affected versions of Mitel MiCollab should promptly apply necessary patches or mitigations. This vulnerability poses a significant data breach risk and could compromise the integrity of the entire system. Immediate action is recommended to minimize potential damage from threat actors attempting to exploit this flaw.

In The Wild
2024-10-21

2024-10-23

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

ISC StormCast for Friday, December 6th, 2024
Dr. Johannes B. Ullrich, 2024-12-06
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. BEC Step by Step; Mitel MiCollab PoC; Lorex Camera; HPE Aruba Vuln. Business E-Mail Compromise: https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Business%20Email%20Compromise/31474 Where There's Smoke, There's Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/ https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 Lorex 2K Indoor
Source: sans.edu

Mitel MiCollab Vulnerabilities: CVE-2024-35286 and CVE-2024-41713 | UpGuard
2025-01-15
Learn how to detect SQL injection and path traversal vulnerabilities across your infrastructure.
Source: upguard.com

CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
Ajit Jasrotia, 2025-01-08
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows – It's worth noting that CVE-2024-41713 could be chained with CVE-2024-55550 to permit an unauthenticated, remote […]
Source: allhackernews.com

1.789
2024-12-14
Newly Added (3): Mitsubishi Electric GX Works3 CVE-2023-6943 Authentication Bypass Vulnerability; Security Vulnerabilities fixed in Mitel MiCollab 9.8 SP2; Security Vulnerability fixed in Thunderbird 128.5.2. Modified (31)
Source: fortiguard.com

Exploit PoC Validates MiCollab Zero-Day Flaw Risks
Trapti Rajput ([email protected]), 2024-12-08
A zero-day arbitrary file read vulnerability found in Mitel MiCollab
Source: blogger.com

1.786
2024-12-06
Newly Added (7): Zabbix Agent CVE-2024-42327 SQL Injection Vulnerability; Mitel MiCollab CVE-2024-35286 Access Control Bypass Vulnerability; Adobe After Effects CVE-2024-20737 Out of Bounds Read Vulnerability; Adobe
Source: fortiguard.com

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access
Ajit Jasrotia, 2024-12-05
Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input validation […]
Source: allhackernews.com

Social Media

🚨 New #FortiGuardLabs Outbreak Alert: Security vulnerabilities in Mitel MiCollab have been uncovered, including CVE-2024-35286, CVE-2024-41713, and an arbitrary file read zero-day ⮕ https://t.co/KMeN9xWHti https://t.co/rcmldpKPmq
👀 we’ve watched APTs recently ravage lawful interception systems, and wanted our own capabilities… Join us on a journey today into Mitel’s MiCollab - that originally started to reproduce CVE-2024-35286, and quickly unravelled into more… https://t.co/KSiASEB4Cm
A critical security alert has been issued regarding vulnerabilities in Mitel MiCollab, known as CVE-2024-35285 & CVE-2024-35286, which have been exposed. Details: https://t.co/KjE7T7FITJ
Critical Security Advisory: Mitel MiCollab Vulnerabilities Exposed (CVE-2024-35285 & CVE-2024-35286) https://t.co/fiOrueuRTF
#Mitel has warned users of its #MiCollab communications platform to immediately patch critical vulnerabilities that could expose their systems to remote attacks. The vulnerabilities, tracked as CVE-2024-35285 and CVE-2024-35286 https://t.co/hfqCHMLPQK
🗣 Critical Security Advisory: Mitel MiCollab Vulnerabilities Exposed (CVE-2024-35285 & CVE-2024-35286) https://t.co/FPWq4ko1Sk #security #cybernews #cybersecurity #fridaysecurity #linkedin #twitter #telegram

Affected Software

No affected software found for this CVE

References

Source: [email protected]
Link: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0014

CWE Details

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
