Critical Mitel, Oracle flaws find active exploitation, CISA urges patching

Chained for maximum impact

One of the Mitel flaws, tracked as CVE-2024-41713, is a critical (CVSS 9.8/10) path traversal vulnerability in the NuPoint Unified Messaging component of Mitel MiCollab that could allow an unauthenticated attacker to exploit a lack of sufficient input validation to gain unauthorized access and view, corrupt or delete user data and system configurations.

The other flaw, tracked as CVE-2024-55550 and rated moderately severe (CVSS 4.4/10), is…