⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2025-01-28.

CVE-2024-55550: Path Traversal in MiCollab

Severity
2.7 LOW (NVD)
VulnCheck 9.1
CISA 9.1
EPSS
14.9% (top 5.45%)
CISA KEV
KEV, Ransomware
Added 2025-01-07
Due 2025-01-28
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Dec 10
KEV added: Jan 7
KEV due: Jan 28

Description

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.2 | Impact: 1.4

Affected Packages (1 package)

NVD: mitel/micollab 9.8.1.201

🔴 Vulnerability Details (3)

CVEList
CVE-2024-55550: Mitel MiCollab through 9 (2024-12-10)
GHSA
GHSA-4c8h-4mm2-mm5g: Mitel MiCollab through 9 (2024-12-10)
VulnCheck
Mitel MiCollab Path Traversal Vulnerability (2024)

💥 Exploits & PoCs (1)

Nuclei
Mitel MiCollab - Arbitary File Read

🔍 Detection Rules (1)

Suricata
ET WEB_SPECIFIC_APPS Mitel MiCollab Unauthenticated Path Traversal (CVE-2024-41713) (2024-12-05)

📋 Vendor Advisories (2)

CISA
Mitel MiCollab Path Traversal Vulnerability (2025-01-07)
CISA
Mitel MiCollab Path Traversal Vulnerability (2025-01-07)