The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to organizations about three actively exploited security flaws impacting Mitel and Oracle systems. These vulnerabilities, now added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, pose significant risks to federal agencies and businesses alike.
Two of the vulnerabilities affect Mitel MiCollab, a popular unified communications platform used by businesses worldwide.
- CVE-2024-41713 (CVSS 9.1): A critical path traversal flaw that lets an attacker reach parts of the MiCollab server that should require a login, exposing sensitive information and potentially enabling administrative actions. It can be exploited without any authentication, which is what makes it such an attractive target.
- CVE-2024-55550 (CVSS 4.4): A local file read flaw that on its own requires administrative privileges. Chained with CVE-2024-41713, which supplies that access without authentication, it lets an unauthenticated attacker read local files from the MiCollab server, so the two together are far more dangerous than the lower score suggests.
Mitel has released fixes for both issues and urges customers to upgrade to MiCollab 9.8 SP2 (9.8.2.12) or later immediately; confirm the running version after the upgrade rather than relying on the change ticket.
The third vulnerability, CVE-2020-2883 (CVSS 9.8), affects Oracle WebLogic Server, a widely used Java application server. It allows an unauthenticated attacker with network access to the server's T3 or IIOP protocol endpoints to take it over remotely, which can lead to data theft, service disruption, and malware deployment. Oracle fixed it in its April 2020 Critical Patch Update, so its appearance in KEV almost five years later reflects deployments that never applied that update, typically those still exposing T3/IIOP to untrusted networks.
CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies remediate all three vulnerabilities by January 28, 2025, underscoring the urgency of the situation.
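The practical question a KEV addition raises is which of your own systems fall under it and how long you have. The script below, an added example that is not part of the original article nor code from CISA, Mitel or Oracle, joins a KEV feed snapshot to an asset inventory and reports hosts that still miss the fix, with the due date and days overdue. The KEV snapshot is a constructed, abbreviated copy in the real feed's JSON shape (the CISA feed lives at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json); the inventory, host names, the `cpu_applied` field and the remediation map are assumptions for illustration.

```python
"""Cross-check an asset inventory against CISA KEV entries and their due dates.

Added example, not code from the original article, CISA or the vendors. The KEV
snapshot is a constructed, abbreviated copy in the real feed's JSON shape;
the inventory, host names and the remediation map are assumptions.
"""
import json
from datetime import date

# Constructed snapshot. Field names match the CISA feed; only the three entries
# discussed in the article are included.
KEV_SNAPSHOT = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-41713", "vendorProject": "Mitel", "product": "MiCollab",
     "vulnerabilityName": "Mitel MiCollab Path Traversal Vulnerability",
     "dateAdded": "2025-01-07", "dueDate": "2025-01-28"},
    {"cveID": "CVE-2024-55550", "vendorProject": "Mitel", "product": "MiCollab",
     "vulnerabilityName": "Mitel MiCollab Path Traversal Vulnerability",
     "dateAdded": "2025-01-07", "dueDate": "2025-01-28"},
    {"cveID": "CVE-2020-2883", "vendorProject": "Oracle", "product": "WebLogic Server",
     "vulnerabilityName": "Oracle WebLogic Server Unspecified Vulnerability",
     "dateAdded": "2025-01-07", "dueDate": "2025-01-28"},
]})

# Remediation criteria, maintained by the reader (not part of the feed):
# MiCollab is fixed from 9.8 SP2 (9.8.2.12) per Mitel; CVE-2020-2883 was fixed by
# Oracle's April 2020 Critical Patch Update, so WebLogic is judged by the CPU level
# applied rather than by product version.
MICOLLAB_FIXED = (9, 8, 2, 12)
WEBLOGIC_CPU_FIX = date(2020, 4, 14)

# Constructed inventory, e.g. a CMDB export. 'cpu_applied' is an assumed field.
INVENTORY = [
    {"host": "uc-01", "product": "MiCollab", "version": "9.8.1.5"},
    {"host": "uc-02", "product": "MiCollab", "version": "9.8.2.12"},
    {"host": "uc-03", "product": "MiCollab", "version": "9.8.10.1"},  # lexical compare would get this wrong
    {"host": "app-07", "product": "WebLogic Server", "version": "12.2.1.4.0", "cpu_applied": "2019-10-15"},
    {"host": "app-08", "product": "WebLogic Server", "version": "12.2.1.4.0", "cpu_applied": "2024-10-15"},
]


def parse_version(text):
    """'9.8.2.12' -> (9, 8, 2, 12) so that comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def load_kev(snapshot_json):
    """Index KEV entries by product so inventory rows can be joined to them."""
    by_product = {}
    for entry in json.loads(snapshot_json)["vulnerabilities"]:
        by_product.setdefault(entry["product"], []).append(entry)
    return by_product


def is_exposed(asset):
    """Apply the per-product remediation criterion to one inventory row."""
    if asset["product"] == "MiCollab":
        return parse_version(asset["version"]) < MICOLLAB_FIXED
    if asset["product"] == "WebLogic Server":
        return date.fromisoformat(asset["cpu_applied"]) < WEBLOGIC_CPU_FIX
    return False


def kev_exposure(kev_by_product, inventory, today_iso):
    """One finding per exposed host: the KEV CVEs that apply, the earliest due
    date among them, and days past it (negative means still inside the window)."""
    today = date.fromisoformat(today_iso)
    findings = []
    for asset in inventory:
        entries = kev_by_product.get(asset["product"], [])
        if not entries or not is_exposed(asset):
            continue
        due = min(date.fromisoformat(e["dueDate"]) for e in entries)
        findings.append({
            "host": asset["host"],
            "cves": sorted(e["cveID"] for e in entries),
            "due": due.isoformat(),
            "days_overdue": (today - due).days,
        })
    return findings


if __name__ == "__main__":
    for f in kev_exposure(load_kev(KEV_SNAPSHOT), INVENTORY, "2025-02-01"):
        print(f"{f['host']}: {', '.join(f['cves'])} due {f['due']} ({f['days_overdue']:+d} days)")
```

Two details matter in practice: version strings must be compared as integer tuples (a lexical compare would rank 9.8.10.1 below 9.8.2.12 and flag a patched host), and WebLogic cannot be judged by version at all, since Oracle ships the fix as a Critical Patch Update on top of the same product version, so the inventory has to carry the applied CPU level.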
Related Posts:
- Unpatched Zero-Day Vulnerability in Mitel MiCollab Exposes Businesses to Serious Security Risks
- Mitel Issues Critical Security Advisory for PHP Argument Injection Vulnerability
- CVE-2024-41713 (CVSS 9.8): Unpatched MiCollab Vulnerability Allows Unauthorized Access
- CVE-2024-41714 (CVSS 9.9): Command Injection Flaw Discovered in Mitel MiCollab and MiVB SVI