CVE-2024-41713: A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated...

0.0 CVSS

Description

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.

Known Exploited

🚨 Marked as known exploited on January 7th, 2025 (3 months ago).

Classification

CVE ID: CVE-2024-41713

CVSS Base Severity: LOW

CVSS Base Score: 0.0

CVSS Vector:

Affected Products

Vendor: n/a

Product: n/a

Nuclei Template

http/cves/2024/CVE-2024-41713.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 95.44% (probability of being exploited)

EPSS Percentile: 99.54% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029

Timeline

2024-12-11 00:30:55 UTC
CVE

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated...
2025-01-07 15:15:12 UTC
CISA KEV

Mitel MiCollab Path Traversal Vulnerability
2025-01-07 15:16:41 UTC
🚨 Marked as Known Exploited
2025-01-08 05:00:34 UTC
TheHackerNews

CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation