Local File Read Vulnerability in Mitel MiCollab Product
CVE-2024-55550
Summary
Mitel MiCollab versions up to 9.8 SP2 are susceptible to a local file read vulnerability. Authenticated attackers with administrative privileges can exploit this issue due to insufficient input sanitization. This flaw enables access to resources typically restricted to admin-level access, allowing disclosure of non-sensitive system information. However, this vulnerability does not permit file modifications or privilege escalations.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
News Articles
CISA adds Mitel and Oracle bugs to exploited vulnerabilities list
Two Mitel MiCollab bugs were added to the KEV catalog, while a patched Oracle WebLogic Server exploit is still under threat.
3 weeks ago
Mitel 0-day, 5-year-old Oracle RCE exploited in the wild
Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abused for...
1 month ago
Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers - Help Net Security
CISA has added Mitel MiCollab and Oracle WebLogic Server vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
1 month ago
References
EPSS Score
42% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- First article discovered by The Hacker News
- Exploit known to exist
- CISA Reported
- Vulnerability published