CVE-2024-55550

low

Description

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.

References

https://www.securityweek.com/critical-vulnerability-exposes-many-mitel-micollab-instances-to-remote-hacking/

https://www.securityweek.com/aquabot-botnet-targeting-vulnerable-mitel-phones/

https://www.securityweek.com/cisa-warns-of-mitel-micollab-vulnerabilities-exploited-in-attacks/

https://thehackernews.com/2025/01/cisa-flags-critical-flaws-in-mitel-and.html

https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-oracle-mitel-flaws-exploited-in-attacks/

https://www.bleepingcomputer.com/news/security/mitel-warns-of-critical-mivoice-mx-one-authentication-bypass-flaw/

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029

https://www.mitel.com/support/security-advisories

Details

Source: Mitre, NVD

Published: 2024-12-10

Updated: 2025-01-08

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 2.7

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Severity: Low

EPSS

EPSS: 0.12626