This content originally appeared on DEV Community and was authored by Freedom Coder
CVE ID
CVE-2024-55550
Vulnerability Name
Mitel MiCollab Path Traversal Vulnerability
- Project: Mitel
- Product: MiCollab
Date
- Date Added: 2025-01-07
- Due Date: 2025-01-28
Description
Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029
- https://nvd.nist.gov/vuln/detail/CVE-2024-55550
Related Security News
- Mitel warns of critical MiVoice MX-ONE authentication bypass flaw
- Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
- CISA warns of critical Oracle, Mitel flaws exploited in attacks