CVE-2024-41713 | THREATINT

Description

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.

PUBLISHED Reserved 2024-07-22 | Published 2024-10-21 | Updated 2025-10-21 | Assigner mitre

CISA Known Exploited Vulnerability

Date added 2025-01-07 | Due date 2025-01-28

Known Ransomware Campaign(s)

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2024-41713 government-resource

www.mitel.com/...el-product-security-advisory-misa-2024-0029

cve.org (CVE-2024-41713)

nvd.nist.gov (CVE-2024-41713)

Download JSON