Mitel Inaction Exposes Companies to 0Day MiCollab Risk

watchTowr experts have recently discovered a zero-day vulnerability in the Mitel MiCollab platform that allows attackers to read arbitrary files. Combined with a previously fixed critical vulnerability, it exposes vulnerable systems to unauthorized access and potential data breaches. To showcase the severity of the threat, watchTowr Labs published a proof-of-concept (PoC) exploit after waiting more than 100 days for a fix to be implemented. More details can be found here.

Mitel MiCollab is a widely used corporate communication tool that lets employees and customers interact through voice calls, video conferences, chats, file sharing, and other functionality. With over 16,000 instances of the system in use, MiCollab has become an appealing target for cybercriminals and other malicious actors looking to exploit vulnerabilities.

Earlier, in May, watchTowr researchers identified a critical vulnerability, CVE-2024-35286 (CVSS: 9.8), in the NuPoint Unified Messaging (NPM) component of the MiCollab platform. This flaw allowed unauthorized access to sensitive data and database operations. Mitel promptly released a fix for this vulnerability, as detailed here.

Subsequently, the research team disclosed another vulnerability in the NPM component (CVE-2024-41713, CVSS: 7.5), caused by insufficient input validation. This flaw enabled an authentication bypass, allowing attackers to access, modify, or delete user data and system configurations. Mitel addressed this issue with a fix released in October, as outlined here.

During the investigation of these vulnerabilities, the researchers uncovered a third flaw that has yet to receive a CVE identifier and remains unpatched. This vulnerability permits authenticated users to read arbitrary files, including critical system files such as /etc/passwd. To demonstrate the exploit
