Alert: Hackers Actively Exploiting Critical Oracle and Mitel Vulnerabilities, CISA Warns


CISA Adds Critical Mitel and Oracle Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities affecting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The three vulnerabilities:

1. Mitel MiCollab (CVE-2024-41713)
– Severity: 9.1/10 (CVSS v3, critical)
– Impact: Unauthorized access to the system; the traversal can be used to bypass authentication
– Type: Path traversal in the NuPoint Unified Messaging (NPM) component
– No authentication required

2. Mitel MiCollab (CVE-2024-55550)
– Severity: 4.4/10 (CVSS v3, medium)
– Impact: Read of local files on the server by an authenticated administrator
– Type: Path traversal vulnerability
– Requires administrative privileges, which is why the score is low when the flaw is considered on its own

3. Oracle WebLogic Server (CVE-2020-2883)
– Severity: 9.8/10 (CVSS v3, critical)
– Impact: Full server compromise by an unauthenticated attacker with network access over the IIOP or T3 protocols
– Type: Remote code execution (deserialization of untrusted data)
– No authentication required; patched in Oracle's April 2020 Critical Patch Update

Security researchers at watchTowr Labs found that the two MiCollab flaws chain: CVE-2024-41713 bypasses the authentication that CVE-2024-55550 would otherwise require, so an unauthenticated remote attacker can read files on the server. That chain is why a 4.4-rated issue belongs in the KEV catalog beside a 9.1-rated one. Oracle reported attempts to exploit CVE-2020-2883 within weeks of the April 2020 Critical Patch Update that fixed it; because exploitation needs network reachability to the IIOP/T3 listeners, restricting those protocols to trusted sources (for example with WebLogic connection filters) limits exposure on instances that cannot be patched immediately.
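How a detector sees through the encodings a path traversal attempt can hide behind, as an added example that is not code from the article, from Mitel or from watchTowr: it percent-decodes request targets until they stop changing (so double-encoded `%252e%252e` is caught), checks the path and every query value for a standalone `..` segment with either separator, and marks a 2xx response as the finding to escalate first. The log lines, hosts and URLs are constructed and do not reproduce any MiCollab endpoint.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format). These are NOT
# MiCollab traffic and do not reproduce any vendor-specific exploit path;
# they show the generic encodings a traversal detector has to see through.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Jan/2025:10:00:01 +0000] "GET /portal/index.html HTTP/1.1" 200 512
10.0.0.9 - - [07/Jan/2025:10:00:02 +0000] "GET /files/view?name=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024
10.0.0.9 - - [07/Jan/2025:10:00:03 +0000] "GET /static/%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 403 0
10.0.0.12 - - [07/Jan/2025:10:00:04 +0000] "GET /docs/..\\..\\windows\\win.ini HTTP/1.1" 404 0
10.0.0.5 - - [07/Jan/2025:10:00:05 +0000] "GET /portal/a..b/page HTTP/1.1" 200 77
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# A ".." that stands alone as a path segment, with either separator;
# "a..b" is a legitimate name and must not match.
DOTDOT_SEGMENT = re.compile(r"(?:^|[/\\])\.\.(?:[/\\]|$)")


def decode_fully(s, max_rounds=4):
    """Percent-decode until stable so double (or triple) encoding is caught."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def is_traversal(target):
    """True if the request path or any query value contains a '..' segment after decoding."""
    path, _, query = target.partition("?")
    candidates = [decode_fully(path)]
    if query:
        for kv in query.split("&"):
            candidates.append(decode_fully(kv.partition("=")[2]))
    return any(DOTDOT_SEGMENT.search(c) for c in candidates)


def scan(log_text):
    """Return one finding per request that carries a traversal sequence."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal(m["target"]):
            continue
        findings.append({
            "ip": m["ip"],
            "status": int(m["status"]),
            "target": m["target"],
            "decoded": decode_fully(m["target"]),
            # a 2xx on a traversal request means the server served something:
            # that is the finding to escalate first
            "likely_success": m["status"].startswith("2"),
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Blocked (403/404) attempts are still reported: an address probing several encodings is reconnaissance worth correlating, and the 200 on the first flagged request is the one to treat as a possible file read.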

Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch agencies must remediate all three vulnerabilities by January 28, 2025. CISA also urges other organizations to prioritize KEV catalog entries in their own patching.
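Turning a KEV entry into a work list, as an added example that is not part of the article or of any CISA tooling: the script matches KEV entries against an asset inventory by vendor and product, skips CVEs a host has already remediated, and computes days remaining until the BOD 22-01 due date so overdue items sort to the top. The KEV excerpt uses the feed's real field names but is typed in and abridged here rather than fetched; the inventory hosts are constructed.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (the live feed is at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names match the feed; the entries are abridged and embedded so nothing
# here touches the network.
KEV_JSON = """
{
  "vulnerabilities": [
    {"cveID": "CVE-2024-41713", "vendorProject": "Mitel", "product": "MiCollab",
     "dateAdded": "2025-01-07", "dueDate": "2025-01-28"},
    {"cveID": "CVE-2024-55550", "vendorProject": "Mitel", "product": "MiCollab",
     "dateAdded": "2025-01-07", "dueDate": "2025-01-28"},
    {"cveID": "CVE-2020-2883", "vendorProject": "Oracle", "product": "WebLogic Server",
     "dateAdded": "2025-01-07", "dueDate": "2025-01-28"}
  ]
}
"""

# Constructed asset inventory: one record per installed instance.
# 'remediated' lists CVEs already patched or mitigated on that host.
INVENTORY = [
    {"host": "voice-01", "vendor": "Mitel", "product": "MiCollab", "remediated": set()},
    {"host": "voice-02", "vendor": "Mitel", "product": "MiCollab",
     "remediated": {"CVE-2024-41713", "CVE-2024-55550"}},
    {"host": "erp-app-01", "vendor": "Oracle", "product": "WebLogic Server", "remediated": set()},
    {"host": "web-03", "vendor": "Apache", "product": "HTTP Server", "remediated": set()},
]


def load_kev(kev_json):
    """Parse the feed and return its list of vulnerability entries."""
    return json.loads(kev_json)["vulnerabilities"]


def triage(kev_entries, inventory, today):
    """Match KEV entries to inventory and compute time left to each due date.

    'today' may be a date or an ISO-8601 string; matching is case-insensitive
    on (vendorProject, product).
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for host in inventory:
        key = (host["vendor"].casefold(), host["product"].casefold())
        for v in kev_entries:
            if (v["vendorProject"].casefold(), v["product"].casefold()) != key:
                continue
            if v["cveID"] in host["remediated"]:
                continue
            due = date.fromisoformat(v["dueDate"])
            findings.append({
                "host": host["host"],
                "cve": v["cveID"],
                "due": v["dueDate"],
                "days_left": (due - today).days,
                "overdue": today > due,
            })
    # least time remaining first, so overdue items (negative days) lead the list
    findings.sort(key=lambda f: (f["days_left"], f["host"], f["cve"]))
    return findings


if __name__ == "__main__":
    for finding in triage(load_kev(KEV_JSON), INVENTORY, date.today()):
        print(finding)
```

Vendor and product strings in a real inventory rarely match the feed exactly, so in practice the join key needs a normalization table; the case-insensitive comparison here is the minimum, and a mismatch silently produces no finding, which is the failure mode to test for.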
