Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified critical security vulnerabilities in Mitel MiCollab and Oracle WebLogic Server that pose a substantial threat to network security. These vulnerabilities, cataloged as CVE-2024-41713, CVE-2024-55550, and CVE-2020-2883, have been added to CISA’s Known Exploited Vulnerabilities (KEV) list due to active exploitation evidence. CVE-2024-41713, a path traversal flaw in Mitel MiCollab, carries a CVSS score of 9.1 and permits unauthorized access. On the other hand, CVE-2024-55550, with a CVSS score of 4.4, allows authenticated attackers with administrative privileges to read local files due to insufficient input sanitization. More alarmingly, CVE-2020-2883 impacts the Oracle WebLogic Server with a high severity score of 9.8, enabling unauthenticated attackers to exploit it via network access.
The exploitation of these vulnerabilities can result in severe security breaches, particularly when combining CVE-2024-41713 and CVE-2024-55550, which may allow a remote attacker to read arbitrary files on the server. These vulnerabilities were uncovered during an investigation by WatchTowr Labs, which sought to replicate a flaw previously identified in Mitel MiCollab, known as CVE-2024-35286. Oracle had previously acknowledged attempts to exploit CVE-2020-2883 back in April 2020. This underscores the persistent and evolving threat landscape surrounding these products.
Federal Civilian Executive Branch (FCEB) agencies must address these vulnerabilities by January 28, 2025, per Binding Operational Directive (BOD) 22-01. The urgency in patching these flaws cannot be understated, as failure to do so could leave systems exposed to malicious attacks. Despite lacking specific details on the exploitation methods, the attackers behind these activities, and their particular targets, the identified vulnerabilities pose a severe risk if left unpatched. Agencies and organizations must remain vigilant, ensuring all necessary updates are applied promptly to safeguard their networks and data.
Conclusively, while the precise nature of the exploits and attackers remains unclear, the threats emanating from these vulnerabilities are significant and potentially damaging. Vigilance and prompt action are paramount in mitigating any further risk. Maintaining updated systems and applying the necessary security patches are crucial steps in protecting against potential breaches and securing sensitive information.