Known Exploited Vulnerabilities CVE-2024-55550

Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-55550 | Mitel MiCollab Path Traversal Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | Comments: Due to improper input sanitization, a user with administrative credentials can access and read arbitrary files on the MiCollab server. |
| CVE-2024-55550 | Mitel MiCollab Path Traversal Vulnerability | primary_impact | T1005 | Data from Local System | Comments: Due to improper input sanitization, a user with administrative credentials can access and read arbitrary files on the MiCollab server. |
| CVE-2024-55550 | Mitel MiCollab Path Traversal Vulnerability | secondary_impact | T1041 | Exfiltration Over C2 Channel | Comments: Due to improper input sanitization, a user with administrative credentials can access and read arbitrary files on the MiCollab server. That data can then be exfiltrated. |