cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41710,https://securityvulnerability.io/vulnerability/CVE-2024-41710,Argument Injection Attack on Mitel SIP Phones,"A vulnerability exists in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, allowing an authenticated attacker with administrative privileges to perform an argument injection attack. This weakness arises from inadequate parameter sanitization during the boot sequence of the devices. If exploited, it could enable the attacker to execute arbitrary commands within the system's context, leading to potential disruption and compromise of device integrity.",Mitel,Mitel 6800 Series and 6900 Series SIP Phones,6.8,MEDIUM,0.00044999999227002263,false,,true,true,true,2025-01-29T18:03:01.000Z,,true,false,,2024-08-12T19:15:00.000Z,3993
CVE-2024-41713,https://securityvulnerability.io/vulnerability/CVE-2024-41713,Mitel NuPoint Unified Messaging (NPM) Vulnerability: Path Traversal Attack,"A vulnerability exists within the NuPoint Unified Messaging component of Mitel MiCollab, where insufficient input validation may result in a path traversal attack. An unauthenticated attacker who successfully exploits this vulnerability could gain unauthorized access, potentially allowing them to view, corrupt, or delete sensitive user data and critical system configurations. Organizations using affected versions should prioritize securing their systems against potential exploits to mitigate the risk of data breaches.",Mitel,Micollab,9.1,CRITICAL,0.9543700218200684,true,2025-01-07T00:00:00.000Z,true,false,true,2024-12-05T14:07:33.000Z,,true,false,,2024-10-21T21:15:00.000Z,3587
CVE-2024-35286,https://securityvulnerability.io/vulnerability/CVE-2024-35286,Unauthenticated SQL Injection Vulnerability in Mitel MiCollab NPM could Lead to Sensitive Information Exposure,"There is a critical unauthenticated SQL injection vulnerability (CVE-2024-35286) in Mitel MiCollab NPM that allows attackers to access sensitive information and execute arbitrary database and management operations. A zero-day arbitrary file read flaw, when chained with a now-patched critical bug in the same platform, gives attackers access to sensitive files on vulnerable instances. Additionally, an authentication bypass vulnerability (CVE-2024-41713) was found, which allows an unauthenticated attacker to conduct a path traversal attack, potentially compromising user data and system configurations. Mitel has released patches for some of these flaws, but the arbitrary file read flaw, which requires authentication to exploit, remains unpatched at the time of writing. The widespread use of Mitel MiCollab, with more than 16,000 instances across the Internet, makes it a target for ransomware gangs and other cybercriminals.",Mitel,,,,0.0004299999854993075,false,,true,false,true,2024-12-05T00:00:00.000Z,,true,false,,2024-10-21T21:15:00.000Z,1644