- Description
- Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 2.7
- Impact score
- 1.4
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
Data from CISA
- Vulnerability name
- Mitel MiCollab Path Traversal Vulnerability
- Exploit added on
- Jan 7, 2025
- Exploit action due
- Jan 28, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 1
CISA has flagged 3 actively exploited vulnerabilities—two in Mitel MiCollab and one in Oracle WebLogic Server. ⤷ CVE-2024-41713: Remote access via path traversal. ⤷ CVE-2024-55550: Exploited by attackers with admin privileges. ⤷ CVE-2020-2883: A high-severity… https://t.co/i
@Kill_billw
3 Feb 2025
246 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/KiDuAzK7Fd 🚨 #Cybersécurité | Critical alert on MiCollab. Two major flaws discovered in Mitel's MiCollab: * CVE-2024-41713: Critical vulnerability (9.8/10) * CVE-2024-55550: Access to system files ➡️ Urgent update: MiCollab 9.8 SP2 required
@AloneDeParis
13 Jan 2025
18 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-55550 #Mitel #MiCollab Path Traversal Vulnerability https://t.co/WAWhAz9d2p
@ScyScan
9 Jan 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Absolute madness from CISA for this exploitation, two in Mitel MiCollab and one in Oracle WebLogic Server. 👽 • CVE-2024-41713: Remote access. • CVE-2024-55550: Exploited by attackers with admin privileges. • CVE-2020-2883: A high-severity vulnerability in Oracle WebLogic.
@byt3n33dl3
8 Jan 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[HelpNet] Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers. CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities... https://t.co/vCdTJ0Mu3h
@shah_sheikh
8 Jan 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has flagged 3 actively exploited vulnerabilities—two in Mitel MiCollab and one in Oracle WebLogic Server. ⤷ CVE-2024-41713: Remote access via path traversal. ⤷ CVE-2024-55550: Exploited by attackers with admin privileges. ⤷ CVE-2020-2883: A high-severity vulnerability in… h
@TheHackersNews
8 Jan 2025
41471 Impressions
41 Retweets
103 Likes
14 Bookmarks
1 Reply
0 Quotes
CVE-2024-55550 Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitizatio… https://t.co/qKwtQ0M09I
@CVEnew
11 Dec 2024
268 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8AEF239-B12F-4BB2-BD66-CAEE28F5C8F1",
            "versionEndExcluding": "9.8"
          },
          {
            "criteria": "cpe:2.3:a:mitel:micollab:9.8:-:*:*:*:-:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3961CA44-5F11-4077-87E4-CE0DC4CC2C75"
          },
          {
            "criteria": "cpe:2.3:a:mitel:micollab:9.8:sp1:*:*:*:-:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5567FF4F-4420-4B93-8661-7BC4EB067E19"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]