In this episode, we dissect the critical vulnerabilities plaguing Mitel MiCollab, a widely used unified communications platform, and explore how attackers are exploiting these flaws in the wild. Recently, security researchers uncovered a trio of dangerous vulnerabilities, including CVE-2024-35286 (a SQL injection flaw), CVE-2024-41713 (an authentication bypass), and an unpatched arbitrary file read zero-day. With active exploitation confirmed and proof-of-concept (PoC) exploits already in circulation, these issues have escalated into an urgent cybersecurity crisis.
We’ll examine how these vulnerabilities allow attackers to gain unauthorized file access and even full administrative control over affected systems. As noted by watchTowr Labs, the ability to infiltrate VoIP platforms like MiCollab could grant attackers unprecedented access to live communications—a serious concern for enterprise security. The U.S. CISA has added these flaws to its Known Exploited Vulnerabilities catalog, prompting immediate patching directives.
Join us as we break down the timeline of discovery, Mitel’s patch response, and the current mitigation strategies recommended by FortiGuard Labs and other security experts. If you’re running MiCollab in your environment, this is not an episode you can afford to miss.
