cvelistv5 - cve-2024-55550

CVE-2024-55550 (GCVE-0-2024-55550)

Vulnerability from cvelistv5 – Published: 2024-12-10 00:00 – Updated: 2025-10-21 22:55

CISA

Summary

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

Assigner

mitre

References

URL

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2025-01-07

Due date: 2025-01-28

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Known

Notes: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55550

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-55550",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-11T04:55:17.443947Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-01-07",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:34.692Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-01-07T00:00:00+00:00",
            "value": "CVE-2024-55550 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T18:14:31.870Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.mitel.com/support/security-advisories"
        },
        {
          "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-55550",
    "datePublished": "2024-12-10T00:00:00.000Z",
    "dateReserved": "2024-12-08T00:00:00.000Z",
    "dateUpdated": "2025-10-21T22:55:34.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-55550",
      "cwes": "[\"CWE-22\"]",
      "dateAdded": "2025-01-07",
      "dueDate": "2025-01-28",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55550",
      "product": "MiCollab",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.",
      "vendorProject": "Mitel",
      "vulnerabilityName": "Mitel MiCollab Path Traversal Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2025-01-28",
      "cisaExploitAdd": "2025-01-07",
      "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "cisaVulnerabilityName": "Mitel MiCollab Path Traversal Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*\", \"versionEndExcluding\": \"9.8\", \"matchCriteriaId\": \"E8AEF239-B12F-4BB2-BD66-CAEE28F5C8F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitel:micollab:9.8:-:*:*:*:-:*:*\", \"matchCriteriaId\": \"3961CA44-5F11-4077-87E4-CE0DC4CC2C75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitel:micollab:9.8:sp1:*:*:*:-:*:*\", \"matchCriteriaId\": \"5567FF4F-4420-4B93-8661-7BC4EB067E19\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.\"}, {\"lang\": \"es\", \"value\": \"Mitel MiCollab hasta la versi\\u00f3n 9.8 SP2 podr\\u00eda permitir que un atacante autenticado con privilegios administrativos realice una lectura de archivos locales, debido a una desinfecci\\u00f3n de entrada insuficiente. Una explotaci\\u00f3n exitosa podr\\u00eda permitir que el atacante administrativo autenticado acceda a recursos que est\\u00e1n restringidos al nivel de acceso de administrador, y la divulgaci\\u00f3n se limita a informaci\\u00f3n no confidencial del sistema. Esta vulnerabilidad no permite la modificaci\\u00f3n de archivos ni la escalada de privilegios.\"}]",
      "id": "CVE-2024-55550",
      "lastModified": "2025-01-08T20:46:01.203",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 2.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 1.4}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 3.6}]}",
      "published": "2024-12-10T19:15:31.110",
      "references": "[{\"url\": \"https://www.mitel.com/support/security-advisories\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-55550\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-12-10T19:15:31.110\",\"lastModified\":\"2025-11-04T15:02:31.447\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.\"},{\"lang\":\"es\",\"value\":\"Mitel MiCollab hasta la versi\u00f3n 9.8 SP2 podr\u00eda permitir que un atacante autenticado con privilegios administrativos realice una lectura de archivos locales, debido a una desinfecci\u00f3n de entrada insuficiente. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante administrativo autenticado acceda a recursos que est\u00e1n restringidos al nivel de acceso de administrador, y la divulgaci\u00f3n se limita a informaci\u00f3n no confidencial del sistema. Esta vulnerabilidad no permite la modificaci\u00f3n de archivos ni la escalada de privilegios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}]},\"cisaExploitAdd\":\"2025-01-07\",\"cisaActionDue\":\"2025-01-28\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Mitel MiCollab Path Traversal Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*\",\"versionEndIncluding\":\"9.8.1.201\",\"matchCriteriaId\":\"0C99C6FC-75C9-4886-ACF0-997A750E10F0\"}]}]}],\"references\":[{\"url\":\"https://www.mitel.com/support/security-advisories\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-12-10T18:14:31.870Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.\"}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"version\": \"n/a\", \"status\": \"affected\"}]}], \"references\": [{\"url\": \"https://www.mitel.com/support/security-advisories\"}, {\"url\": \"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029\"}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"text\", \"lang\": \"en\", \"description\": \"n/a\"}]}]}, \"adp\": [{\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-55550\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-11T04:55:17.443947Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-01-07\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-11T14:59:20.352Z\"}, \"timeline\": [{\"time\": \"2025-01-07T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2024-55550 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2024-55550\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"assignerShortName\": \"mitre\", \"dateUpdated\": \"2025-10-21T19:44:12.036Z\", \"dateReserved\": \"2024-12-08T00:00:00.000Z\", \"datePublished\": \"2024-12-10T00:00:00.000Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-55550

Vulnerability from fkie_nvd - Published: 2024-12-10 19:15 - Updated: 2025-11-04 15:02

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	https://www.mitel.com/support/security-advisories	Vendor Advisory
cve@mitre.org	https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550	US Government Resource

Impacted products

	Vendor	Product	Version
	mitel	micollab	*

JSON

To clipboard

{
  "cisaActionDue": "2025-01-28",
  "cisaExploitAdd": "2025-01-07",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Mitel MiCollab Path Traversal Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:*",
              "matchCriteriaId": "0C99C6FC-75C9-4886-ACF0-997A750E10F0",
              "versionEndIncluding": "9.8.1.201",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation."
    },
    {
      "lang": "es",
      "value": "Mitel MiCollab hasta la versi\u00f3n 9.8 SP2 podr\u00eda permitir que un atacante autenticado con privilegios administrativos realice una lectura de archivos locales, debido a una desinfecci\u00f3n de entrada insuficiente. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante administrativo autenticado acceda a recursos que est\u00e1n restringidos al nivel de acceso de administrador, y la divulgaci\u00f3n se limita a informaci\u00f3n no confidencial del sistema. Esta vulnerabilidad no permite la modificaci\u00f3n de archivos ni la escalada de privilegios."
    }
  ],
  "id": "CVE-2024-55550",
  "lastModified": "2025-11-04T15:02:31.447",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-10T19:15:31.110",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitel.com/support/security-advisories"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2024-3141

Vulnerability from csaf_certbund - Published: 2024-10-09 22:00 - Updated: 2025-01-07 23:00

Summary

Mitel MiCollab: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

MiCollab ist eine Kommunikationssuite von Mitel für die Zusammenarbeit in Echtzeit.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mitel MiCollab ausnutzen, um Dateien zu manipulieren, Sicherheitsmaßnahmen zu umgehen, Phishing-Angriffe durchzuführen und vertrauliche Informationen preiszugeben.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "MiCollab ist eine Kommunikationssuite von Mitel f\u00fcr die Zusammenarbeit in Echtzeit.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mitel MiCollab ausnutzen, um Dateien zu manipulieren, Sicherheitsma\u00dfnahmen zu umgehen, Phishing-Angriffe durchzuf\u00fchren und vertrauliche Informationen preiszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3141 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3141.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3141 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3141"
      },
      {
        "category": "external",
        "summary": "Mitel Product Security Advisory vom 2024-10-09",
        "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-misa-2024-0025"
      },
      {
        "category": "external",
        "summary": "Mitel Product Security Advisory vom 2024-10-09",
        "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-misa-2024-0026"
      },
      {
        "category": "external",
        "summary": "Mitel Product Security Advisory vom 2024-10-09",
        "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-misa-2024-0027"
      },
      {
        "category": "external",
        "summary": "Mitel Product Security Advisory vom 2024-10-09",
        "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-misa-2024-0028"
      },
      {
        "category": "external",
        "summary": "Mitel Product Security Advisory vom 2024-10-09",
        "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-misa-2024-0029"
      },
      {
        "category": "external",
        "summary": "CISA Known Exploited Vulnerabilities Catalog vom 2025-01-07",
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      }
    ],
    "source_lang": "en-US",
    "title": "Mitel MiCollab: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-07T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-08T09:02:19.303+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3141",
      "initial_release_date": "2024-10-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-12-10T23:00:00.000+00:00",
          "number": "2",
          "summary": "Schwachstelle CVE-2024-55550 und MITEL Referenzen erg\u00e4nzt"
        },
        {
          "date": "2025-01-07T23:00:00.000+00:00",
          "number": "3",
          "summary": "Aktive Ausnutzung gemeldet"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.8 SP2 (9.8.2.12)",
                "product": {
                  "name": "Mitel MiCollab \u003c9.8 SP2 (9.8.2.12)",
                  "product_id": "T038240"
                }
              },
              {
                "category": "product_version",
                "name": "9.8 SP2 (9.8.2.12)",
                "product": {
                  "name": "Mitel MiCollab 9.8 SP2 (9.8.2.12)",
                  "product_id": "T038240-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mitel:micollab:9.8_sp2_%25289.8.2.12%2529"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MiCollab"
          }
        ],
        "category": "vendor",
        "name": "Mitel"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-41713",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Mitel MiCollab. Die Komponente NuPoint Unified Messaging (NPM) ist aufgrund einer unzureichenden Eingabevalidierung von einem Fehler bei der Pfad\u00fcberwindung betroffen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateipfade zu manipulieren, um unberechtigten Zugriff auf vertrauliche Informationen zu erhalten und unberechtigte Aktionen durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038240"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-41713"
    },
    {
      "cve": "CVE-2024-47189",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mitel MiCollab. Dieser Fehler betrifft die Audio-, Web- und Videokonferenzkomponente aufgrund einer unzureichenden Bereinigung von Benutzereingaben, was eine SQL-Injektion erm\u00f6glicht. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebige SQL-Befehle auszuf\u00fchren, was zu Datenmanipulationen f\u00fchrt und Zugang zu nicht sensiblen Benutzerbereitstellungsinformationen wie Namen oder E-Mail-Adressen erm\u00f6glicht."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038240"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47189"
    },
    {
      "cve": "CVE-2024-47223",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mitel MiCollab. Dieser Fehler betrifft die Audio-, Web- und Videokonferenzkomponente aufgrund einer unzureichenden Bereinigung von Benutzereingaben, was eine SQL-Injektion erm\u00f6glicht. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebige SQL-Befehle auszuf\u00fchren, was zu Datenmanipulationen f\u00fchrt und Zugang zu nicht sensiblen Benutzerbereitstellungsinformationen wie Namen oder E-Mail-Adressen erm\u00f6glicht."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038240"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47223"
    },
    {
      "cve": "CVE-2024-47224",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Mitel MiCollab. Dieser Fehler betrifft die Audio-, Web- und Videokonferenzkomponente aufgrund einer unzureichenden Kodierung von Benutzereingaben in URLs, die eine CRLF-Eingabe (Carriage Return Line Feed) erm\u00f6glicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Phishing-Angriff durchzuf\u00fchren, indem er eine b\u00f6swillig konstruierte URL erstellt, um Benutzer auf sch\u00e4dliche Websites umzuleiten. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038240"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47224"
    },
    {
      "cve": "CVE-2024-47912",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Mitel MiCollab. Dieser Fehler betrifft die Komponente f\u00fcr Audio-, Web- und Videokonferenzen aufgrund fehlender Authentifizierungsmechanismen. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um die Authentifizierung zu umgehen und auf vertrauliche Informationen zuzugreifen und diese zu l\u00f6schen, insbesondere die M\u00f6glichkeit, Webkonferenz-Aufzeichnungsdateien anzuh\u00f6ren oder zu l\u00f6schen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038240"
        ]
      },
      "release_date": "2024-10-09T22:00:00.000+00:00",
      "title": "CVE-2024-47912"
    },
    {
      "cve": "CVE-2024-55550",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Path-Traversal Schwachstelle in Mitel MiCollab aufgrund einer unzureichenden EIngabevalidierung. Ein entfernter, authentisierter Angreifer mit administrativen Rechten kann dies ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038240"
        ]
      },
      "release_date": "2024-12-10T23:00:00.000+00:00",
      "title": "CVE-2024-55550"
    }
  ]
}

GHSA-4C8H-4MM2-MM5G

Vulnerability from github – Published: 2024-12-10 21:30 – Updated: 2025-10-22 00:33

Details

Severity ?

4.4 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-55550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-10T19:15:31Z",
    "severity": "MODERATE"
  },
  "details": "Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.",
  "id": "GHSA-4c8h-4mm2-mm5g",
  "modified": "2025-10-22T00:33:11Z",
  "published": "2024-12-10T21:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55550"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55550"
    },
    {
      "type": "WEB",
      "url": "https://www.mitel.com/support/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-55550 (GCVE-0-2024-55550)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

FKIE_CVE-2024-55550

WID-SEC-W-2024-3141

GHSA-4C8H-4MM2-MM5G

Tags

Sightings

Nomenclature