CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation

Jan 08, 2025Ravie LakshmananVulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The list of vulnerabilities is as follows –

• CVE-2024-41713 (CVSS score: 9.1) – A path traversal vulnerability in Mitel MiCollab that could allow an attacker to gain unauthorized and unauthenticated access
• CVE-2024-55550 (CVSS score: 4.4) – A path traversal vulnerability in Mitel MiCollab that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization
• CVE-2020-2883 (CVSS score: 9.8) – A security vulnerability in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3

It’s worth noting that CVE-2024-41713 could be chained with CVE-2024-55550 to permit an unauthenticated, remote attacker to read arbitrary files on the server.

Details about the twin flaws emerged last month following a report from WatchTowr Labs, which discovered the issues as part of its efforts to replicate another critical bug in Mitel MiCollab (CVE-2024-35286, CVSS score: 9.8) that was patched in May 2024.

As for CVE-2020-2883, Oracle warned in late April 2020 that it had received “reports of attempts to maliciously exploit a number of recently-patched vulnerabilities, including vulnerability CVE-2020-2883.”

There are currently no details available on how the aforementioned flaws are exploited in real-world attacks, who may be exploiting them, or the targets of these activities.

Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by January 28, 2025, to secure their networks.

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!