Alert: Hackers Actively Exploiting Critical Oracle and Mitel Flaws, CISA Warns Federal Agencies

Critical Security Vulnerabilities Demand Immediate Action from Federal Agencies

CISA has issued an urgent warning to U.S. federal agencies regarding active exploitation of critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems. The agency has added three significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.

Key Vulnerabilities:

1. Mitel MiCollab NuPoint Unified Messaging (CVE-2024-41713):
– Critical path traversal vulnerability
– Allows unauthorized administrative actions
– Enables access to user and network information
– No authentication required for exploitation

2. Oracle WebLogic Server (CVE-2020-2883):
– Critical vulnerability from 2020
– Enables remote server takeover
– No authentication required

3. Mitel MiCollab (CVE-2024-55550):
– Path traversal vulnerability
– Requires admin privileges
– Limited to file reading capabilities
– No access to sensitive system information

Federal agencies must implement security patches by January 28, as mandated by Binding Operational Directive (BOD) 22-01. While primarily targeting federal agencies, CISA recommends all organizations prioritize these patches to prevent potential attacks.
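A defender's first step after an alert like this is to check the KEV catalog against what the organization actually runs and how many days remain before the BOD 22-01 due date. The following is an added example, not code from the original alert, CISA, Oracle or Mitel: it reads a KEV-shaped JSON excerpt (constructed sample data, using the feed's field names cveID, vendorProject, product, vulnerabilityName and dueDate), compares it with a constructed asset inventory, and lists every unpatched hit with its remaining days, most overdue first. The year 2025 in the due date is an assumption; the alert states only January 28.

```python
"""Triage a KEV excerpt against a local asset inventory (added example, not CISA/vendor code).

The JSON field names follow the layout of CISA's published KEV feed; the entries,
vulnerability names and inventory below are constructed sample data, and the
year 2025 in the due date is an assumption (the alert gives only "January 28").
"""
import json
from datetime import date

# Constructed KEV-style excerpt for the three CVEs named in the alert.
KEV_SAMPLE = json.dumps({
    "title": "KEV sample excerpt (constructed)",
    "vulnerabilities": [
        {"cveID": "CVE-2024-41713", "vendorProject": "Mitel", "product": "MiCollab",
         "vulnerabilityName": "Mitel MiCollab NuPoint UM Path Traversal (constructed name)",
         "dueDate": "2025-01-28"},
        {"cveID": "CVE-2024-55550", "vendorProject": "Mitel", "product": "MiCollab",
         "vulnerabilityName": "Mitel MiCollab Path Traversal (constructed name)",
         "dueDate": "2025-01-28"},
        {"cveID": "CVE-2020-2883", "vendorProject": "Oracle", "product": "WebLogic Server",
         "vulnerabilityName": "Oracle WebLogic Server Remote Takeover (constructed name)",
         "dueDate": "2025-01-28"},
    ],
})

# Constructed inventory: what each host runs and which KEV CVEs are already patched on it.
INVENTORY = [
    {"host": "weblogic-01", "vendor": "Oracle", "product": "WebLogic Server", "patched": []},
    {"host": "micollab-01", "vendor": "Mitel", "product": "MiCollab", "patched": ["CVE-2024-41713"]},
    {"host": "files-01", "vendor": "ExampleCorp", "product": "FileShare", "patched": []},
]


def load_kev(raw_json):
    """Return the vulnerability entries from a KEV-shaped JSON document."""
    return json.loads(raw_json)["vulnerabilities"]


def applies_to(entry, asset):
    """True when the KEV entry's vendor and product match the asset (case-insensitive)."""
    return (entry["vendorProject"].lower() == asset["vendor"].lower()
            and entry["product"].lower() == asset["product"].lower())


def triage(kev_entries, inventory, today):
    """List every unpatched KEV hit per asset with days left until its due date.

    Negative days_left means the remediation deadline has already passed.
    Results are sorted so the most overdue items come first.
    """
    findings = []
    for asset in inventory:
        for entry in kev_entries:
            if not applies_to(entry, asset) or entry["cveID"] in asset["patched"]:
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "name": entry["vulnerabilityName"],
                "due": entry["dueDate"],
                "days_left": days_left,
                "status": "OVERDUE" if days_left < 0 else "DUE",
            })
    findings.sort(key=lambda f: (f["days_left"], f["host"], f["cve"]))
    return findings


if __name__ == "__main__":
    for f in triage(load_kev(KEV_SAMPLE), INVENTORY, date.today()):
        print(f"{f['status']:7} {f['host']:12} {f['cve']:15} due {f['due']} "
              f"({f['days_left']:+d} days)  {f['name']}")
```

Run it as-is to see the two unpatched hits (the WebLogic host and the MiCollab host still missing CVE-2024-55550); in practice you would replace KEV_SAMPLE with the downloaded catalog and INVENTORY with your CMDB export. Matching on vendor and product only is deliberate: the KEV feed does not carry version ranges, so a hit means "confirm against the vendor advisory", not "definitely vulnerable".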

The vulnerabilities represent significant risks to federal infrastructure and are actively being exploited by malicious actors. Immediate action is required to secure affected systems and prevent unauthorized access.
