Local File Read Vulnerability in Mitel MiCollab Product
CVE-2024-55550
What is CVE-2024-55550?
Mitel MiCollab versions up to 9.8 SP2 are susceptible to a local file read vulnerability. Because of insufficient input sanitization, an authenticated attacker with administrative privileges can read resources that are normally restricted to admin-level access, disclosing non-sensitive system information. The vulnerability does not permit file modification or privilege escalation.
CISA has reported CVE-2024-55550
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-55550 as being exploited; CISA also lists it as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
News Articles
CISA adds Mitel and Oracle bugs to exploited vulnerabilities list
Two Mitel MiCollab bugs were added to the KEV catalog, while a patched Oracle WebLogic Server exploit is still under threat.
Mitel 0-day, 5-year-old Oracle RCE exploited in the wild
Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw – and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abused for...
Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers - Help Net Security
CISA has added Mitel MiCollab and Oracle WebLogic Server vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
EPSS Score
15% chance of being exploited in the next 30 days.
Timeline
- 📰 First article discovered by The Hacker News
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published