## https://sploitus.com/exploit?id=6C2BAE1C-366B-529B-A757-FA1829A86A8F
# CVE-2024-41713
Mitel MiCollab Authentication Bypass to Arbitrary File Read
See our [blog post](https://labs.watchtowr.com/) for technical details.
```
__ ___ ___________
__ _ ______ _/ |__ ____ | |_\__ ____\____ _ ________
\ \/ \/ \__ \ ___/ ___\| | \| | / _ \ \/ \/ \_ __ \
\ / / __ \| | \ \___| Y | |( <_> \ / | | \/
\/\_/ (____ |__| \___ |___|__|__ | \__ / \/\_/ |__|
\/ \/ \/
watchtowr-vs-MiCollab_2024-12-05.py
(*) Mitel MiCollab Authentication Bypass and Arbitrary File Read exploit by watchTowr
- Sonny, watchTowr (sonny@watchTowr.com)
CVEs: [CVE-2024-41713 - Authentication Bypass] - [CVE-2024-00000 - Arbitrary File Read]
Example Usage:
- python watchtowr-vs-MiCollab_2024-12-05.py --url http://localhost --file /etc/passwd
```
# Affected Versions
Mitel MiCollab 9.8 SP1 FP2 (9.8.1.201) and earlier. More details are available in the [Mitel advisory](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029).
# Exploit authors
This exploit was written by Sonny of [watchTowr (@watchtowrcyber)](https://twitter.com/watchtowrcyber).
# Follow [watchTowr](https://watchTowr.com) Labs
For the latest security research, follow the [watchTowr](https://watchTowr.com) Labs Team:
- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber