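Associated vulnerability
Title:
Mitel MiCollab security vulnerability
(CVE-2024-41713)
Description: Mitel MiCollab is a mobile application from the Canadian company Mitel that provides employees with voice, video, messaging, audio conferencing and team collaboration. Mitel MiCollab 9.8 SP1 FP2 (9.8.1.201) and earlier versions contain a security vulnerability caused by insufficient input validation. An attacker who exploits this vulnerability can view, corrupt or delete users' data and system configuration.
Introduction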
# CVE-2024-41713
Mitel MiCollab Authentication Bypass to Arbitrary File Read
See our [blog post](https://labs.watchtowr.com/) for technical details
```
__ ___ ___________
__ _ ______ _/ |__ ____ | |_\__ ____\____ _ ________
\ \/ \/ \__ \ ___/ ___\| | \| | / _ \ \/ \/ \_ __ \
\ / / __ \| | \ \___| Y | |( <_> \ / | | \/
\/\_/ (____ |__| \___ |___|__|__ | \__ / \/\_/ |__|
\/ \/ \/
watchtowr-vs-MiCollab_2024-12-05.py
(*) Mitel MiCollab Authentication Bypass and Arbitrary File Read exploit by watchTowr
- Sonny, watchTowr (sonny@watchTowr.com)
CVEs: [CVE-2024-41713 - Authentication Bypass] - [CVE-2024-00000 - Arbitrary File Read]
Example Usage:
- python watchtowr-vs-MiCollab_2024-12-05.py --url http://localhost --file /etc/passwd
```
# Affected Versions
Mitel MiCollab 9.8 SP1 FP2 (9.8.1.201) and earlier. More details are in the [Mitel advisory](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029).
# Exploit authors
This exploit was written by Sonny of [watchTowr (@watchtowrcyber)](https://twitter.com/watchtowrcyber)
# Follow [watchTowr](https://watchTowr.com) Labs
For the latest security research follow the [watchTowr](https://watchTowr.com) Labs Team
- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber
File snapshot
[4.0K] /data/pocs/4ab8d005fc18f099fbd223209693662af5b583d4
├── [1.5K] README.md
└── [2.9K] watchtowr-vs-mitel-micollab-cve-2024-41713_2024-12-05.py
0 directories, 2 files