back to article PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive files on vulnerable instances.  A proof-of-concept (PoC) exploit that strings together the two flaws, both spotted and disclosed to Mitel by watchTowr, which …

  1. Vader

    Slow disappearing

    We do a lot of work with Mitel systems and slowly teams is replacing them. Will they be the next chapter 11. The bottom line is for the solution they are very expensive.

    1. Paul Crawford Silver badge

      Re: Slow disappearing

      That is sad in so many ways...

  2. Mike 137 Silver badge

    Yet again (and again and again and ...)

    SQL injection, authentication bypass and arbitrary file read. Out of the Ark all three. When will someone [a] ideally stop making these idiotic mistakes or [b] possibly less unrealistically, do some darned code review and testing?

  3. andy the pessimist

    check the name

    Or you might end up with watchtower.com.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like