What is CVE-2024-55550?

A low-severity vulnerability in Mitel MiCollab could allow an authenticated attacker to read local files due to insufficient input sanitization. Organizations are advised to apply mitigations promptly to prevent potential information disclosure.

What is the severity of CVE-2024-55550?

CVE-2024-55550 has a severity rating of LOW with a CVSS base score of 2.7.

Is CVE-2024-55550 in CISA KEV?

Yes. CVE-2024-55550 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2024-55550 | Low Vulnerability in Mitel MiCollab

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.

The CVSS score for this vulnerability is 2.7, classified as low severity. Although the severity is low, the risk to organizations includes potential unauthorized access to non-sensitive system information. Organizations should prioritize patching immediately.

The vulnerability was published on December 10, 2024, and is currently included in the Known Exploited Vulnerabilities (KEV) catalog. This inclusion signifies its relevance and potential exploitation in the wild.

Given the administrative privileges required to exploit this vulnerability, organizations must remain vigilant and ensure that only authorized personnel have such access to mitigate the risk of exploitation.

Vulnerability Details

Mitel MiCollab through 9.8 SP2 contains a path traversal vulnerability. The CVSS version used for scoring is 3.1, with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. This vulnerability is classified under CWE-22, indicating a path traversal issue.

The primary attack vector is network-based, with low attack complexity and requiring high privileges. Importantly, it does not require user interaction. The confidentiality impact is low, while integrity and availability impacts are none.

Technical Analysis

The root cause of this vulnerability is insufficient input sanitization. Attackers may leverage this weakness to read files on the system that should be restricted to administrative access. Given the attack complexity is low, this vulnerability is concerning, especially for organizations relying heavily on Mitel MiCollab.

The attack vector is primarily network-based, allowing potential exploitation without needing physical access to the device. The complexity is low, meaning that even less sophisticated attackers could potentially exploit this vulnerability if they gain administrative access.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to non-sensitive information, potentially leading to further exploitation if combined with other vulnerabilities. The urgency for remediation is high given its classification in the KEV catalog, suggesting active exploitation is possible.

Organizations should address this vulnerability in their priority patch cycle to ensure that administrative access points are secured and that input sanitization mechanisms are adequately enforced.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	Yes

Affected Versions

The affected product is Mitel MiCollab, specifically versions up to and including 9.8.1.201. Organizations should ensure that they are running a patched version to mitigate this vulnerability.

Mitigation & Remediation

Organizations should implement the following mitigations: apply vendor patches as soon as they are available. For further information and guidance, organizations can refer to the penetration testing services tailored to assess vulnerabilities in their systems.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor logs for unusual file access patterns, specifically for local file reads initiated by authenticated administrative accounts.

AppSecure Threat Intelligence Insight

This vulnerability illustrates a common trend in software security where insufficient input sanitization leads to exploitable vulnerabilities. Organizations should continuously invest in secure coding practices and regular security assessments to prevent such vulnerabilities.

For further insights on securing applications, organizations can explore our resources on vulnerability management and penetration testing methodology to strengthen their security posture.

Additionally, reviewing our security testing best practices can provide further guidance on maintaining secure systems.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-55550: Low Vulnerability in Mitel MiCollab