CVE-2024-55550

LOW KEV RANSOMWARE NUCLEI

Mitel Micollab < 9.8.1.201 - Path Traversal

Title source: rule

Description

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.

Nuclei Templates (1)

Mitel MiCollab - Arbitary File Read

CRITICALVERIFIEDby DhiyaneshDk,watchTowr

Shodan: http.html:"Mitel Networks"

FOFA: body="mitel networks"

References (3)

[Vendor Advisory] https://www.mitel.com/support/security-advisories

[Vendor Advisory] https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550

Scores

CVSS v3 2.7

EPSS 0.1772

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Details

CISA KEV 2025-01-07

VulnCheck KEV 2024-12-11

ENISA EUVD EUVD-2024-52803

Ransomware Use Confirmed

CWE

CWE-22

Status published

Products (1)

mitel/micollab < 9.8.1.201

Published Dec 10, 2024

KEV Added Jan 07, 2025

Tracked Since Feb 18, 2026