CVE-2024-41713

CRITICAL KEV RANSOMWARE NUCLEI

Mitel MiCollab < 9.8.1.201 - Path Traversal

Title source: rule

Description

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.

Exploits (6)

nomisec WORKING POC 19 stars
by watchtowrlabs · infoleak
https://github.com/watchtowrlabs/Mitel-MiCollab-Auth-Bypass_CVE-2024-41713
nomisec WORKING POC
by gunyakit · infoleak
https://github.com/gunyakit/CVE-2024-41713-PoC-exploit
nomisec SCANNER
by amanverma-wsu · poc
https://github.com/amanverma-wsu/CVE-2024-41713-Scan
nomisec WORKING POC
by Sanandd · infoleak
https://github.com/Sanandd/cve-2024-CVE-2024-41713
nomisec WORKING POC
by zxj-hub · infoleak
https://github.com/zxj-hub/CVE-2024-41713POC
vulncheck_xdb WORKING POC
infoleak
https://github.com/iSee857/CVE-PoC

Nuclei Templates (1)

Mitel MiCollab - Authentication Bypass
HIGH VERIFIED by DhiyaneshDK, watchTowr
Shodan: http.html:"Mitel Networks"
FOFA: body="mitel networks"

Scores

CVSS v3 9.1
EPSS 0.9414
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CISA KEV 2025-01-07
VulnCheck KEV 2024-12-10
ENISA EUVD EUVD-2024-39339
Ransomware Use Confirmed
CWE CWE-22
Status published
Products (1)
mitel/micollab < 9.8.1.201
Published Oct 21, 2024
KEV Added Jan 07, 2025
Tracked Since Feb 18, 2026