CVE-2024-41713
· EUVD no mirror located
· GCVE no mirror located
Verified 2026-06-22
Mitel MiCollab vulnerability
Mitel MiCollab contains a path traversal weakness (CWE-22) that is reachable without authentication and gives unauthorized access to files. Chained with CVE-2024-55550, it lets an attacker read arbitrary files on affected servers.
Verdict
Today item, not a backlog item.
This vulnerability poses critical risk because exploitation needs no credentials, exploitation in the wild is confirmed, and the CVE is flagged for ransomware use. Path traversal combined with arbitrary file read gives an attacker reconnaissance and credential harvesting against the server.
01
Is it exploitable?
— the evidence, ranked above the score
Exploit available
Public proof-of-concept exploit code is cataloged for this vulnerability. We link to the existence of the exploit; we do not host or redistribute payloads.
Reported exploitation
408 independent public reports of in-the-wild exploitation are cataloged, from distinct reporting sources (vendor, incident response, government); open them for the underlying claims.
Exploited in the wild
Listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-01-07), flagged for known ransomware use.
Probability (EPSS)
EPSS 0.98067, the model's estimated probability that exploitation activity is observed within the next 30 days. EPSS is a daily-changing model output; open the source for today's value.
Severity / affected
Affected: Mitel, MiCollab. Confirm exact fixed builds in the vendor advisory.
Weakness (CWE)
Mapped to CWE-22 Path Traversal (weakness family: path traversal / file). The CWE assignment comes from the public NVD record; the weakness class drives how the flaw is exploited.
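As an added illustration of the weakness class, not code from Mitel or from MiCollab (the page does not show the product's own file-handling code): a minimal CWE-22 file reader in its vulnerable form beside a hardened one. The directory layout, file names and helper names are constructed for the demonstration, and it assumes a POSIX host where the symlink call works. The hardened reader resolves the path first and checks containment on the resolved result, which also catches the two cases a naive `startswith` check misses: a symlink inside the served tree that points outside it, and an absolute path that `os.path.join` silently adopts.

```python
import os
import shutil
import tempfile


def read_file_vulnerable(base_dir: str, user_path: str) -> bytes:
    """CWE-22 pattern: the caller-controlled path is joined onto the base directory
    with no canonicalisation, so '../' segments (or an absolute path, which
    os.path.join simply adopts) walk out of it."""
    full_path = os.path.join(base_dir, user_path)
    with open(full_path, "rb") as fh:
        return fh.read()


def read_file_hardened(base_dir: str, user_path: str) -> bytes:
    """Resolve first, then check containment on the resolved path. realpath
    collapses '..' and follows symlinks, so a link inside the base that points
    outside is caught too; commonpath rejects a sibling such as base + '-old'
    that a plain string-prefix check would accept."""
    base_real = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, target]) != base_real:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    with open(target, "rb") as fh:
        return fh.read()


def _hardened_outcome(base_dir: str, user_path: str):
    """Return the file content, or the string 'blocked' if containment failed."""
    try:
        return read_file_hardened(base_dir, user_path)
    except PermissionError:
        return "blocked"


def demo() -> dict:
    """Build a throwaway tree (web/ is served, outside/ is not), run both readers
    against the same inputs, and return the outcomes keyed by case name."""
    root = tempfile.mkdtemp(prefix="cwe22-")
    try:
        base = os.path.join(root, "web")
        outside = os.path.join(root, "outside")
        os.makedirs(base)
        os.makedirs(outside)
        with open(os.path.join(base, "public.txt"), "wb") as fh:
            fh.write(b"public")
        with open(os.path.join(outside, "secret.txt"), "wb") as fh:
            fh.write(b"secret")
        # A stray symlink inside the served tree pointing outside it (POSIX only).
        os.symlink(outside, os.path.join(base, "link"))
        abs_secret = os.path.join(outside, "secret.txt")
        return {
            "vuln_public": read_file_vulnerable(base, "public.txt"),
            "vuln_traversal": read_file_vulnerable(base, "../outside/secret.txt"),
            "vuln_symlink": read_file_vulnerable(base, "link/secret.txt"),
            "vuln_absolute": read_file_vulnerable(base, abs_secret),
            "hard_public": _hardened_outcome(base, "public.txt"),
            "hard_traversal": _hardened_outcome(base, "../outside/secret.txt"),
            "hard_symlink": _hardened_outcome(base, "link/secret.txt"),
            "hard_absolute": _hardened_outcome(base, abs_secret),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15} {value!r}")
```

The vulnerable reader returns `b"secret"` for the traversal, symlink and absolute-path cases; the hardened reader serves `public.txt` and blocks all three. Percent-decoding and `..;/` handling are not shown here because they belong to the web layer in front of this function, which is where the traversal string is turned into the path this code receives.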
02
Who’s exploiting it?
— attribution turns risk into urgency
Attribution not established
No confirmed (advisory-backed) threat-actor attribution is established for this record. Absence of a named actor is not absence of compromise — see Coverage & confidence.
03
Why it matters
— the attack path, told twice: adversary, then board
Narrative 1: Front door — unauthenticated access
Attacker
I craft a malicious request exploiting the path traversal flaw to bypass directory restrictions without authentication.
Business
Attackers gain initial foothold into the MiCollab infrastructure without valid credentials, bypassing perimeter defenses.
Narrative 2: Keys to the kingdom — privilege/identity takeover
Attacker
I chain this with CVE-2024-55550 to read sensitive configuration files, credentials, and application data from the server.
Business
Sensitive information, including authentication tokens, API keys, and user data, is exposed to threat actors.
Narrative 3: Lateral reach — past segmentation
Attacker
I extract credentials and system details to establish persistent access or lateral movement within the network.
Business
Attackers establish deeper compromise enabling deployment of ransomware or data exfiltration campaigns.
04
What to do
— defensible action
1. Remediate per the vendor advisory: confirm the fixed build for your MiCollab version, then verify exposure. Because the flaw is reachable without authentication, check whether the MiCollab web interface is reachable from untrusted networks, and review its web server logs for path traversal attempts that predate the patch.
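A hunt over web server access logs for path traversal attempts, added here as a worked example of "verify exposure"; it is not taken from the page, from Mitel or from CISA. The log lines are constructed, and the flagged patterns are generic traversal variants (plain `../`, percent-encoded, double-encoded, and the `..;/` path-parameter form seen against Java servlet containers). The page does not give the exact request used against MiCollab, so treat this as a generic hunt rather than a signature for CVE-2024-41713.

```python
from __future__ import annotations

import re
import urllib.parse
from collections import Counter
from dataclasses import dataclass

# Constructed sample access-log lines (combined log format) for demonstration only;
# they are not from any real MiCollab host or incident.
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [07/Jan/2025:10:15:01 +0000] "GET /portal/index.php HTTP/1.1" 200 5120
203.0.113.10 - - [07/Jan/2025:10:15:03 +0000] "GET /app/..;/..;/etc/passwd HTTP/1.1" 200 1420
198.51.100.7 - - [07/Jan/2025:10:16:11 +0000] "GET /static/%2e%2e/%2e%2e/config HTTP/1.1" 404 210
198.51.100.7 - - [07/Jan/2025:10:16:12 +0000] "GET /images/..%252f..%252fsecret HTTP/1.1" 403 200
192.0.2.5 - - [07/Jan/2025:10:17:30 +0000] "POST /login HTTP/1.1" 302 0
"""

# client ip, two ignored fields, timestamp, "METHOD target protocol", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Finding:
    ip: str
    ts: str
    status: int
    raw_target: str
    normalized: str


def normalize_path(target: str, max_decode_rounds: int = 3) -> str:
    """Reduce a request target to the path a backend would most likely resolve:
    drop the query string, undo (possibly repeated) percent-encoding, and strip
    servlet-style ';param' suffixes from each segment, which turns '..;/' into '../'.
    Backslashes are treated as separators so 'a\\..\\b' is not missed."""
    path = target.split("?", 1)[0]
    for _ in range(max_decode_rounds):
        decoded = urllib.parse.unquote(path)
        if decoded == path:
            break
        path = decoded
    segments = [seg.split(";", 1)[0] for seg in re.split(r"[\\/]", path)]
    return "/".join(segments)


def has_traversal(normalized_path: str) -> bool:
    """True if any path segment is exactly '..' after normalisation."""
    return ".." in normalized_path.split("/")


def hunt_traversal(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; in a real hunt, count these rather than drop them silently
        norm = normalize_path(m["target"])
        if has_traversal(norm):
            findings.append(Finding(m["ip"], m["ts"], int(m["status"]), m["target"], norm))
    return findings


def summarize(findings: list[Finding]) -> dict:
    """Group attempts by source and single out the ones the server answered 2xx:
    those are candidate successful reads, not just probes, and go first in triage."""
    return {
        "attempts_by_ip": dict(Counter(f.ip for f in findings)),
        "succeeded": [f for f in findings if 200 <= f.status < 300],
    }


if __name__ == "__main__":
    found = hunt_traversal(SAMPLE_ACCESS_LOG)
    for f in found:
        print(f"{f.ts} {f.ip} {f.status} {f.raw_target} -> {f.normalized}")
    print(summarize(found)["attempts_by_ip"])
```

On the constructed sample this flags three requests from two sources and marks only the one answered 200 as a probable read. Run it over the MiCollab host's own web server logs and over any reverse proxy or WAF in front of it, since each may normalise or log the path differently; a 200 on a traversal request is the line that turns "exposed" into "probably read", and warrants rotating the credentials the narratives above describe.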
Say it to the board
A vulnerability with this evidence profile is a defensible budget line, not a backlog ticket; fund the change against the proof above.