Skip to content

Mitel Micollab Critical Advisory - 20241209001

Overview

A multiple vulnerabilities is currently existed in Mitel Micollab collaboration software. According to ASD's ACSC assessment, there is significant exposure to Mitel Micollab vulnerabilities in Australia and that any exploitation would have significant impact to Australian systems and networks.

What is vulnerable?

Product(s) Affected Version(s) CVE # CVSS v4/v3 Severity
NuPoint Unified Messaging (NPM) within MiCollab 9.8.0.33 CVE-2024-35286 9.8 Critical
NuPoint Unified Messaging (NPM) within MiCollab 9.8 SP1 FP2 (9.8.1.201) and earlier CVE-2024-41713 9.8 by vendor Critical

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices immediately (refer Patch Management):

3rd Party Article(s):