CVE-2024-41713

CRITICAL KEV RANSOMWARE NUCLEI

Mitel MiCollab < 9.8.1.201 - Unauthenticated Path Traversal in NuPoint Unified Messaging

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-41713 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 7, 2025, with confirmed use in ransomware campaigns. EIP tracks 6 public exploits from researchers including watchtowrlabs, gunyakit, amanverma-wsu. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-41713, an authentication bypass vulnerability in Mitel MiCollab. The exploit leverages a path traversal technique to achieve arbitrary file read by crafting a malicious XML payload sent to a vulnerable endpoint.

Description

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.

Exploits (6)

nomisec WORKING POC 19 stars
by watchtowrlabs · infoleak
https://github.com/watchtowrlabs/Mitel-MiCollab-Auth-Bypass_CVE-2024-41713

This repository contains a functional exploit for CVE-2024-41713, an authentication bypass vulnerability in Mitel MiCollab. The exploit leverages a path traversal technique to achieve arbitrary file read by crafting a malicious XML payload sent to a vulnerable endpoint.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Mitel MiCollab 9.8 SP1 FP2 (9.8.1.201) and earlier
No auth needed
Prerequisites: Network access to the target Mitel MiCollab server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by gunyakit · infoleak
https://github.com/gunyakit/CVE-2024-41713-PoC-exploit

This repository contains a functional exploit for CVE-2024-41713, an authentication bypass vulnerability in Mitel MiCollab leading to arbitrary file read. The exploit uses a crafted POST request to read /etc/passwd via path traversal in the ReconcileWizard endpoint.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Mitel MiCollab
No auth needed
Prerequisites: Network access to the target Mitel MiCollab instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec SCANNER
by amanverma-wsu · poc
https://github.com/amanverma-wsu/CVE-2024-41713-Scan

The repository contains a Python script that scans for CVE-2024-41713, a directory traversal vulnerability in Apache HTTP Server. It sends a crafted request to detect the vulnerability but does not exploit it.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apache HTTP Server
No auth needed
Prerequisites: Python 3.x · requests library
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by Sanandd · infoleak
https://github.com/Sanandd/cve-2024-CVE-2024-41713

This repository contains a functional exploit for CVE-2024-41713, targeting Mitel MiCollab. The exploit leverages a path traversal vulnerability to read arbitrary files (e.g., /etc/passwd) via a crafted HTTP POST request with XML payload.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Mitel MiCollab
No auth needed
Prerequisites: Network access to the target Mitel MiCollab instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by zxj-hub · infoleak
https://github.com/zxj-hub/CVE-2024-41713POC

This repository contains a functional exploit for CVE-2024-41713, an arbitrary file read vulnerability in Mitel MiCollab's NuPoint Unified Messaging (NPM) component. The exploit leverages path traversal and authentication bypass to read sensitive files like /etc/passwd.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Mitel MiCollab < 9.8 SP2 (9.8.2.12)
No auth needed
Prerequisites: Network access to the target system · Mitel MiCollab with vulnerable NPM component
devstral-2 · analyzed Feb 18, 2026 Full analysis →
vulncheck_xdb WORKING POC
infoleak
https://github.com/iSee857/CVE-PoC

The repository contains functional exploit code for CVE-2024-41713, demonstrating a command execution vulnerability in OpenCode. The script sends a crafted request to execute the 'id' command and checks for the presence of 'uid=' and 'gid=' in the response to confirm exploitation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenCode
No auth needed
Prerequisites: Network access to the target · Target running vulnerable OpenCode instance
devstral-2 · analyzed Feb 25, 2026 Full analysis →

Nuclei Templates (1)

Mitel MiCollab - Authentication Bypass
HIGHVERIFIEDby DhiyaneshDK,watchTowr
Shodan: http.html:"Mitel Networks"
FOFA: body="mitel networks"

References (2)

Core 2

Scores

CVSS v3 9.1
EPSS 0.9391
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2025-01-07
VulnCheck KEV 2024-12-10
ENISA EUVD EUVD-2024-39339
Ransomware Use Confirmed
CWE
CWE-22
Status published
Products (1)
mitel/micollab < 9.8.1.201
Published Oct 21, 2024
KEV Added Jan 07, 2025
Tracked Since Feb 18, 2026