Local File Read Vulnerability in Mitel MiCollab Product
CVE-2024-55550

2.7LOW

Key Information:

Vendor

Mitel

Status
Vendor
CVE Published:
10 December 2024

Badges

💰 Ransomware👾 Exploit Exists🟣 EPSS 15%🦅 CISA Reported📰 News Worthy

What is CVE-2024-55550?

Mitel MiCollab versions up to 9.8 SP2 are susceptible to a local file read vulnerability. Authenticated attackers with administrative privileges can exploit this issue due to insufficient input sanitization. This flaw enables access to resources typically restricted to admin-level access, allowing disclosure of non-sensitive system information. However, this vulnerability does not permit file modifications or privilege escalations.

CISA has reported CVE-2024-55550

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-55550 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

News Articles

CISA adds Mitel and Oracle bugs to exploited vulnerabilities list

Two Mitel MiCollab bugs were added to the KEV catalog, while a patched Oracle WebLogic Server exploit is still under threat.

Mitel 0-day, 5-year-old Oracle RCE exploited in the wild

Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw – and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abused for...

Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers - Help Net Security

CISA has added Mitel MiCollab and Oracle WebLogic Server vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

References

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by The Hacker News

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

.