🟢 CVE-2024-55550

This vulnerability affects Mitel MiCollab and allows authenticated administrators to read local files through path traversal. Despite being in CISA KEV, it has a LOCAL attack vector and requires administrative privileges, limiting its internet exploitability.

Risk Level: LOW_RISK

CVSS Score: 4.4

Attack Vector: LOCAL

ATT&CK Tactic: Privilege Escalation

ATT&CK Technique: T1068 — Exploitation for Privilege Escalation

Deployment Risk: HIGH

Ransomware: Yes (+513d)

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2024-12-10

Added to CISA KEV: 2025-01-07 (28 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-55550 is a path traversal vulnerability affecting Mitel MiCollab that allows an authenticated attacker with administrative privileges to perform a local file read [1] [5].

Exploitation and Threat Activity
  • Active Exploitation: The vulnerability has been exploited in the wild [2]. Following the public release of proof-of-concept (PoC) code on December 5, 2024, reports emerged of threat actors chaining CVE-2024-55550 with another vulnerability, CVE-2024-41713, to conduct attacks [2] [3].
  • CISA Status: Both CVE-2024-55550 and CVE-2024-41713 were added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on January 7, 2025 [4].
  • PoC Availability: Public proof-of-concept exploit code is available and has been used to facilitate exploitation activity [2].

Attack Method and Requirements
  • Access Requirements: Exploitation requires the attacker to have authenticated access with administrative privileges to the Mitel MiCollab platform [1] [5].
  • Method: The vulnerability stems from insufficient input sanitization, enabling path traversal [1] [5].

Impact
  • Access/Impact: A successful exploit allows an attacker to read local files on the system [1]. The disclosure is generally described as limited to non-sensitive system information, and the vulnerability does not by itself allow file modification or privilege escalation [1]. When chained with other vulnerabilities, however, it can be part of more significant unauthorized access attempts [2].

Affected Versions and Mitigation
  • Affected Versions: Mitel MiCollab versions up to and including 9.8 SP2 are affected [1].
  • Mitigation: Users are advised to review the official Mitel Product Security Advisory (MISA-2024-0029) and update to the latest available release, specifically MiCollab 9.8 SP2 (9.8.2.12) or later, to remediate the vulnerability [3] [6].

Sources

  1. CVE-2024-55550 Detail - NVD

    A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is ... CVE-2024-55550 Detail. Description. Mitel MiCollab through 9.8 S…

  2. Exploitation of critical path traversal vulnerability (CVE-2024-41713 ...

    CVE-2024-55550 is a path traversal vulnerability in MiCollab could allow an authenticated attacker with administrative privilege to conduct a ... Versions: 9.8 SP1 FP2 (9.8.1.201) and earlier Mitel MiCollab Threat details Exploitation in the wild of vulnerabilities CVE-2024-41713 and CVE-2024-5550 T…

  3. Mitel Releases Security Advisories for MiCollab - NHS England Digital

    After proof-of-concept technical details were published on 5 December 2024 for CVE-2024-41713 and CVE-2024-55550, exploitation activity chaining these two Mitel MiCollab vulnerabilities was reported. NHS England's National CSOC issued high severity Cyber Alert CC-4588 in response. Affected organisat…

  4. PoC Exploit Available for Mitel MiCollab VoIP Platform [CVE-2024 ...

    **Update** (January 8, 2025): CVE-2024-41713 and CVE-2024-55550 were added to CISA's list of known exploited vulnerabilities on January 7, 2025.

  5. CVE-2024-55550 - Mitel MiCollab Path Traversal... - SecAlerts

    To fix CVE-2024-55550, ensure that all affected versions of Mitel MiCollab are updated to the latest release that contains the necessary security patches. CVE-2024-55550 is a path traversal vulnerability that arises from insufficient input sanitization in Mitel MiCollab. Can CVE-2024-55550 be exploit…

  6. Mitel Product Security Advisory MISA-2024-0029

    A successful exploit of this vulnerability could allow an attacker to gain unauthorized access, with potential impacts to the confidentiality, ...