CVE-2024-55550
Vexday Risk Score
70 · High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 4.4 · EPSS 37.5% · KEV yes · PoC — · Nuclei yes · Metasploit — · Patch —
Lifecycle
10 Dec 2024: Published on NVD
07 Jan 2025: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
An admin user in Mitel MiCollab up to version 9.8 SP2 can read local files on the system due to weak input checking. This could expose non-sensitive system information, but doesn't allow changing files or gaining higher privileges.
Technical detail
Path traversal vulnerability (CWE-22) in Mitel MiCollab ≤9.8 SP2. Exploitation requires authenticated administrative access: insufficient input sanitization on file path parameters allows local file reads, limited to admin-level resources and to disclosure of non-sensitive system data.
Summary generated and translated by AI from the official description.
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a