Hosted on MSN

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

A proof-of-concept (PoC) exploit that strings together the two flaws, both spotted and disclosed to Mitel by watchTowr, which on Thursday published the PoC after waiting 100-plus days for the vendor ...
Bleeping Computer

Mitel MiCollab zero-day flaw gets proof-of-concept exploit

Researchers have uncovered an arbitrary file read zero-day in the Mitel MiCollab collaboration platform, allowing attackers to access files on a server's filesystem. Mitel MiCollab is an enterprise ...
Dark Reading

Bypass Bug Revives Critical N-Day in Mitel MiCollab

Two new vulnerabilities in Mitel's MiCollab unified communications and collaboration (UCC) platform could help expose gobs of enterprise data. MiCollab is a cross-platform application on mobile ...

Mitel 0-day, 5-year-old Oracle RCE bug under active exploit

Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw – and a critical ...
CSOonline

Mitel MiCollab VoIP authentication bypass opens new attack paths

Researchers released a proof-of-concept exploit for a path traversal flaw in the enterprise VoIP suite that, coupled with an arbitrary file read issue, can give attackers access to protected files, ...
Bleeping Computer

CISA warns of critical Oracle, Mitel flaws exploited in attacks

CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. The ...
heise online

US security agency warns of attacks on MiCollab and WebLogic Server

Attackers are currently targeting PCs on which Mitel MiColab or Oracle WebLogic Server is installed. In the worst case, attackers can take over systems completely. Security patches are available for ...