EXECUTIVE SUMMARY:
A zero-day vulnerability has been discovered in Mitel MiCollab, enabling attackers to access sensitive files on the server's filesystem via a path traversal exploit in the 'ReconcileWizard' servlet. The flaw, uncovered by researchers, remains unpatched after being reported to Mitel months ago, leaving users exposed. Although the vulnerability is less critical than previous flaws, it still poses a significant risk as unauthorized users can access sensitive files like '/etc/passwd'.
RECOMMENDATION:
The vulnerability in Mitel MiCollab poses a significant risk due to its potential to expose sensitive system files. Users should apply the latest security updates to mitigate this threat.
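Web server access logs can be reviewed for requests to the 'ReconcileWizard' servlet that carry path traversal sequences, including percent-encoded ones. The following detection sketch is an added example, not code from Mitel or from the referenced report; it assumes a combined-format access log, and the path prefix, parameter name and sample log lines are constructed placeholders.

```python
import re
from urllib.parse import unquote

# The servlet name comes from the advisory; everything else is an assumption.
SERVLET = "reconcilewizard"
# Traversal markers looked for after decoding: ../ or ..\
TRAVERSAL = re.compile(r"\.\.[/\\]")
# Request line and status code inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so that %252e%252e%252f is reduced to ../"""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_suspicious(lines):
    """Return (line_number, status, decoded_target) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = fully_decode(match.group(1))
        if SERVLET in target.lower() and TRAVERSAL.search(target):
            hits.append((number, int(match.group(2)), target))
    return hits


# Constructed sample log lines; path prefix and parameter name are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /PLACEHOLDER/ReconcileWizard/page?PARAM=summary HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2025:10:00:05 +0000] "GET /PLACEHOLDER/ReconcileWizard/page?PARAM=../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.9 - - [01/Jan/2025:10:00:09 +0000] "POST /PLACEHOLDER/ReconcileWizard/page?PARAM=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '198.51.100.4 - - [01/Jan/2025:10:00:12 +0000] "GET /index.html?next=../home HTTP/1.1" 200 230',
]

if __name__ == "__main__":
    for number, status, target in find_suspicious(SAMPLE_LOG):
        print(f"line {number}: status {status}: {target}")
```

A flagged request that returned status 200 deserves priority review, since the server may have returned file contents.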
REFERENCES:
The following reports contain further technical details:
https://www.bleepingcomputer.com/news/security/mitel-micollab-zero-day-flaw-gets-proof-of-concept-exploit/