FortiNDRCloud
kcheung
Staff
Article Id 369480
Description

Mitel MiCollab is a platform that brings various communication tools (such as voice, video, chat, SMS, team collaboration tools, and more) together to provide users with an effective communication solution.

 

CVE-2024-35286 is a SQL injection vulnerability in the NuPoint Unified Messaging (NPM) module of Mitel MiCollab which allows unauthenticated attackers to retrieve information and execute database commands due to insufficient sanitization of user input.

 

CVE-2024-41713 is a path traversal vulnerability in the NuPoint Unified Messaging (NPM) module of Mitel MiCollab, where a specially crafted HTTP POST request allows an unauthenticated attacker to access user data and system information.

The following versions of Mitel MiCollab are vulnerable:

CVE-2024-35286: ≤ 9.8.0.33

CVE-2024-41713: ≤ 9.8.1.201

CVE ID

CVE-2024-35286 (https://nvd.nist.gov/vuln/detail/CVE-2024-35286)

CVE-2024-41713 (https://nvd.nist.gov/vuln/detail/CVE-2024-41713)

NDR Cloud Detection Rule

FortiNDR Cloud v2024.11+

Detection Rule Name: FortiGuard Outbreak Alert: Mitel MiCollab Path Traversal HTTP Request

Category: Attack: Exploitation

Primary MITRE ID: T1190 - Exploit Public-Facing Application

Threat Hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for activity related to the “Mitel MiCollab Unauthorized Access Attack”.
IOC source: https://www.fortiguard.com/outbreak-ioc?tag=mitel%20micollab%20unauthorized%20access

All IOCs listed above have been added to Threat Intelligence Intel.

Suricata Coverage

Customers can create custom investigation/detections using the Suricata signatures below:

2058075 -> ET WEB_SPECIFIC_APPS Mitel MiCollab Pre-Authentication SQLi (CVE-2024-35286)

2058078 -> ET WEB_SPECIFIC_APPS Mitel MiCollab Unauthenticated Path Traversal (CVE-2024-41713)
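
For sites that also run a standalone Suricata sensor, the following sketch filters EVE JSON alerts for the two signature IDs above and summarizes hits per targeted host. It is an added example, not Fortinet's code; it assumes Suricata's standard eve.json alert fields, and the sample events and the `hunt` helper are constructed for illustration.

```python
import json
from collections import defaultdict

# Signature IDs listed on this page, mapped to the CVE each one covers.
MITEL_SIDS = {
    2058075: "CVE-2024-35286",
    2058078: "CVE-2024-41713",
}

# Constructed sample eve.json lines (documentation-range IPs, not real traffic).
SAMPLE_EVE = """\
{"timestamp":"2024-12-10T08:14:02.113+0000","event_type":"alert","src_ip":"198.51.100.23","dest_ip":"192.0.2.10","alert":{"signature_id":2058078,"signature":"ET WEB_SPECIFIC_APPS Mitel MiCollab Unauthenticated Path Traversal (CVE-2024-41713)"}}
{"timestamp":"2024-12-10T08:14:05.530+0000","event_type":"http","src_ip":"198.51.100.23","dest_ip":"192.0.2.10","http":{"hostname":"micollab.example.test"}}
{"timestamp":"2024-12-10T08:15:40.007+0000","event_type":"alert","src_ip":"198.51.100.23","dest_ip":"192.0.2.10","alert":{"signature_id":2058075,"signature":"ET WEB_SPECIFIC_APPS Mitel MiCollab Pre-Authentication SQLi (CVE-2024-35286)"}}
{"timestamp":"2024-12-10T09:01:11.904+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","alert":{"signature_id":2058078,"signature":"ET WEB_SPECIFIC_APPS Mitel MiCollab Unauthenticated Path Traversal (CVE-2024-41713)"}}
{"timestamp":"2024-12-10T09:02:00.000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.44","alert":{"signature_id":9000001,"signature":"Constructed unrelated local rule"}}
{"timestamp":"2024-12-10T09:30:00.000+0000","event_type":"al
"""

def hunt(lines):
    """Summarize Mitel MiCollab alerts as {(dest_ip, cve): details}."""
    hits = defaultdict(lambda: {"count": 0, "sources": set(),
                                "first_seen": None, "last_seen": None})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # partially written line, e.g. at log rotation
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        cve = MITEL_SIDS.get(ev.get("alert", {}).get("signature_id"))
        if cve is None:
            continue  # alert from a signature this page does not list
        rec = hits[(ev.get("dest_ip"), cve)]
        rec["count"] += 1
        rec["sources"].add(ev.get("src_ip"))
        ts = ev.get("timestamp", "")  # same-format ISO strings sort by time
        rec["first_seen"] = ts if rec["first_seen"] is None else min(rec["first_seen"], ts)
        rec["last_seen"] = ts if rec["last_seen"] is None else max(rec["last_seen"], ts)
    return dict(hits)

if __name__ == "__main__":
    for (host, cve), rec in sorted(hunt(SAMPLE_EVE.splitlines()).items()):
        print(host, cve, rec["count"], sorted(rec["sources"]),
              rec["first_seen"], rec["last_seen"])
```

To run it against a live sensor, pass an open eve.json file handle to `hunt` in place of the sample lines.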

Other Fortinet Products

For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to
https://www.fortiguard.com/outbreak-alert/mitel-micollab-unauthorized-access
