Mitel MiCollab NuPoint Unified Messaging Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in the NuPoint Unified Messaging component of Mitel MiCollab, affecting versions through 9.8 SP2 (9.8.2.12). This vulnerability allows an unauthenticated attacker to exploit insufficient input validation, potentially leading to unauthorized access. An attacker could view, modify, or delete users' data and system configurations. Additionally, the vulnerability could be exploited to gain unauthorized access to provisioning information, including non-sensitive user and network details, and to perform unauthorized administrative actions on the MiCollab Server.

Impact

Exploitation of this vulnerability could result in unauthorized access to user data and system configurations, allowing an attacker to view, modify, or delete this information. It could also enable unauthorized administrative actions on the MiCollab Server.

Remediation

Users are advised to upgrade to MiCollab version 9.8 SP3 (9.8.3.1) or later. For those unable to upgrade immediately, Mitel has provided a patch for releases 6.0 and above. Instructions for both the upgrade and the patch can be found in the Mitel Knowledge Base article SO8539.

Added: Aug 8, 2025, 6:25 PM
Updated: Aug 8, 2025, 9:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 1.3
exploitability: 7.4
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.