CVE-2024-55550 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Mitel MiCollab Path Traversal Vulnerability

Exploit added

January 7, 2025

Action due

January 28, 2025

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.

References

Weakness Enumeration

CWE-ID	CWE Name
CWE-22	Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Known Affected Software Configurations

cpe:2.3:a:mitel:micollab:9.6.2.9:::::-::
cpe:2.3:a:mitel:micollab:9.7:::::-::
cpe:2.3:a:mitel:micollab:9.5.0.101:::::-::
cpe:2.3:a:mitel:micollab:9.6:::::-::
cpe:2.3:a:mitel:micollab:9.4:-::::-::*
cpe:2.3:a:mitel:micollab:9.4:sp1::::-::*
cpe:2.3:a:mitel:micollab:9.3:::::-::
cpe:2.3:a:mitel:micollab:9.2:-::::-::*
cpe:2.3:a:mitel:micollab:9.2:fp1::::-::*
cpe:2.3:a:mitel:micollab:9.2:::::-::
cpe:2.3:a:mitel:micollab:9.1.2:::::-::
cpe:2.3:a:mitel:micollab:9.1:::::-::
cpe:2.3:a:mitel:micollab:9.0:::::-::
cpe:2.3:a:mitel:micollab:8.1.2:::::-::
cpe:2.3:a:mitel:micollab:8.1.1:fp1::::-::*
cpe:2.3:a:mitel:micollab:8.1.1:-::::-::*
cpe:2.3:a:mitel:micollab:8.1:::::-::
cpe:2.3:a:mitel:micollab:8.0:sp2::::-::*
cpe:2.3:a:mitel:micollab:8.0:sp1::::-::*
cpe:2.3:a:mitel:micollab:8.0:fp1::::-::*
cpe:2.3:a:mitel:micollab:-:::::-::
cpe:2.3:a:mitel:micollab:8.0:-::::-::*
cpe:2.3:a:mitel:micollab:7.3:::::-::
cpe:2.3:a:mitel:micollab:9.1.3:::::-::

Details

Source:
NVD

Published:
December 10, 2024

Updated:
January 8, 2025

Risk information

CVSS v3

Base score:
2.7

Severity:

LOW

Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CVSS v2

Not defined