Hosted on MSN

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

A proof-of-concept (PoC) exploit that strings together the two flaws, both spotted and disclosed to Mitel by watchTowr, which on Thursday published the PoC after waiting 100-plus days for the vendor ...
Dark Reading

Bypass Bug Revives Critical N-Day in Mitel MiCollab

Two new vulnerabilities in Mitel's MiCollab unified communications and collaboration (UCC) platform could help expose gobs of enterprise data. MiCollab is a cross-platform application on mobile ...
Bleeping Computer

Mitel MiCollab zero-day flaw gets proof-of-concept exploit

Researchers have uncovered an arbitrary file read zero-day in the Mitel MiCollab collaboration platform, allowing attackers to access files on a server's filesystem. Mitel MiCollab is an enterprise ...
Bleeping Computer

CISA warns of critical Oracle, Mitel flaws exploited in attacks

CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. The ...
CSOonline

Mitel MiCollab VoIP authentication bypass opens new attack paths

Researchers released a proof-of-concept exploit for a path traversal flaw in the enterprise VoIP suite that, coupled with an arbitrary file read issue, can give attackers access to protected files, ...