The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert, adding three high-risk vulnerabilities impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog. These flaws have been actively exploited by threat actors, raising serious cybersecurity concerns.
Critical Vulnerabilities Identified
CISA has flagged the following vulnerabilities:
CVE-2024-41713 (CVSS Score: 9.1) – A path traversal vulnerability in Mitel MiCollab that allows unauthorized and unauthenticated access, posing a significant security risk.
CVE-2024-55550 (CVSS Score: 4.4) – Another path traversal flaw in Mitel MiCollab, which could enable an authenticated attacker with administrative privileges to read local files due to improper input sanitization.
CVE-2020-2883 (CVSS Score: 9.8) – A severe security vulnerability in Oracle WebLogic Server that could be exploited remotely by an unauthenticated attacker via IIOP or T3 network protocols.
Exploitation Risks and Research Insights
Security researchers warn that CVE-2024-41713 and CVE-2024-55550 could be exploited together, allowing remote attackers to read arbitrary files on the affected Mitel MiCollab server without authentication.
These vulnerabilities were disclosed by watchTowr Labs, which uncovered them while analyzing another critical Mitel MiCollab flaw, CVE-2024-35286 (CVSS Score: 9.8), patched in May 2024.
Regarding CVE-2020-2883, Oracle had previously warned in April 2020 about ongoing malicious exploitation of recently patched WebLogic vulnerabilities, including this one.
Current Exploitation and Mitigation Measures
At present, there is limited publicly available information regarding real-world attacks leveraging these vulnerabilities, including the identity of the threat actors or their specific targets.
However, under Binding Operational Directive (BOD) 22-01, all Federal Civilian Executive Branch (FCEB) agencies are mandated to apply security updates by January 28, 2025, to mitigate these threats and secure their networks.
Key Takeaways and Security Recommendations
Organizations using Mitel MiCollab or Oracle WebLogic Server should immediately apply patches and security updates.
Implement network segmentation and restrict access to sensitive services to authorized users and hosts.
Enable intrusion detection systems (IDS) to monitor for suspicious activity related to these vulnerabilities.
Stay updated with security advisories from CISA, Mitel, and Oracle to track potential exploits.
As cyber threats evolve, staying proactive with patch management and threat intelligence is crucial to defending against attacks.