On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of three vulnerabilities affecting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog. This action was taken in response to evidence indicating that these flaws are actively being exploited.
The vulnerabilities identified include CVE-2024-41713, which has a high-severity CVSS score of 9.1. This flaw is a path traversal vulnerability in Mitel MiCollab that enables unauthorized, unauthenticated access. A second flaw, CVE-2024-55550, scores 4.4 on the CVSS scale; it allows an authenticated attacker with administrative privileges to read local files because of inadequate input validation. The most severe of the three is CVE-2020-2883, which affects Oracle WebLogic Server and has a CVSS score of 9.8; it is reachable by unauthenticated attackers with network access over the IIOP or T3 protocols.
Notably, CVE-2024-41713 can be chained with CVE-2024-55550, giving an unauthenticated remote attacker the ability to read arbitrary files from the server. This chain was documented last month in a report from WatchTowr Labs, who came across it while attempting to reproduce a different critical Mitel MiCollab issue, CVE-2024-35286, which carries a 9.8 CVSS score and was patched in May 2024.
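The weakness class behind the Mitel chain is a path traversal that turns a file-read primitive into arbitrary file access. The following is an added illustration, not code from Mitel, Oracle, CISA or WatchTowr, of the two things a defender wants for this class: a server-side path check that canonicalises a user-supplied path before deciding whether it stays inside the intended directory, and a simple scan over web-server access logs for traversal attempts, raw or URL-encoded. The base directory, the log lines and the request paths are all constructed for the example.

```python
"""Path-traversal mitigation and detection (added example; not vendor code)."""
import re
from pathlib import Path
from typing import List, Tuple
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would escape the allowed base directory."""


def resolve_within_base(base_dir: str, user_path: str) -> Path:
    """Map a user-supplied relative path to a file inside base_dir.

    The decision is made on the canonical path, not on the presence of '..':
    'docs/../readme.txt' is accepted because it still lands inside base_dir,
    while anything whose canonical form leaves base_dir is rejected.
    """
    base = Path(base_dir).resolve()
    # Decode twice: double-encoded sequences such as '%252e%252e' are a classic
    # bypass of filters that decode once and then look for '..'. A legitimate
    # file name containing a literal '%' would be altered here; that trade-off
    # is deliberate for a download endpoint.
    decoded = unquote(unquote(user_path))
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in path")
    if decoded.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", decoded):
        raise PathTraversalError("absolute paths are not allowed")
    # resolve() collapses '..' segments and follows symlinks, so a string
    # comparison against the canonical base is the actual security check.
    candidate = (base / decoded).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathTraversalError(f"{user_path!r} escapes {base_dir}") from None
    return candidate


def is_safe_path(base_dir: str, user_path: str) -> bool:
    """Boolean wrapper around resolve_within_base for callers that only need a verdict."""
    try:
        resolve_within_base(base_dir, user_path)
        return True
    except PathTraversalError:
        return False


# Traversal markers as they appear raw, URL-encoded, or with an encoded separator.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|\.\.%2f|\.\.%5c|%2e%2e)", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|HEAD|DELETE) (\S+)')


def find_traversal_attempts(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, request_path) for access-log lines containing a traversal
    sequence. The check is repeated on the single- and double-decoded path so that
    encoded variants are caught, and the HTTP status is ignored on purpose: a 404
    still shows that someone is probing the application."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path = match.group(1)
        once = unquote(path)
        twice = unquote(once)
        if any(TRAVERSAL_RE.search(p) for p in (path, once, twice)):
            hits.append((line_no, path))
    return hits


# Constructed access-log sample (Combined Log Format); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Jan/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [07/Jan/2025:10:00:07 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 404 0',
    '10.0.0.9 - - [07/Jan/2025:10:00:09 +0000] "GET /static/%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1824',
    '10.0.0.9 - - [07/Jan/2025:10:00:12 +0000] "GET /static/..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1824',
    '10.0.0.7 - - [07/Jan/2025:10:00:15 +0000] "POST /api/login HTTP/1.1" 302 0',
]


if __name__ == "__main__":
    # Hypothetical base directory; resolve() does not require it to exist.
    for requested in ("docs/readme.txt", "docs/../readme.txt", "../../etc/passwd",
                      "..%252f..%252fetc/passwd", "/etc/passwd"):
        print(f"{requested!r:32} safe={is_safe_path('/srv/app/files', requested)}")
    for line_no, path in find_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt on log line {line_no}: {path}")
```

In the detector, the double-encoded request on the fourth sample line is only recognised after one round of decoding; a filter that compares the raw path against a fixed list of strings would miss it, which is the same gap that makes canonicalisation (rather than blacklisting `..`) the right fix on the server side.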
Oracle had previously warned in April 2020, shortly after issuing patches, of attempts to maliciously exploit vulnerabilities including CVE-2020-2883. While details of the real-world exploitation of these vulnerabilities remain unclear, available research data suggests a significant number of vulnerable instances still exist, particularly in the United States, where nearly 3,000 Mitel MiCollab instances are exposed to the Internet.
Federal Civilian Executive Branch agencies must adhere to Binding Operational Directive (BOD) 22-01, which requires them to apply the necessary updates to secure their networks by January 28, 2025.
As for the tactics likely used in these attacks, adversaries may have relied on initial access techniques that exploit the vulnerabilities directly; spear phishing or exploitation of unpatched software are plausible entry points. The input-validation weaknesses and insufficient access controls also point to possible privilege escalation, letting attackers extend their foothold once inside a compromised environment.
Business owners should remain vigilant about their organizational cybersecurity posture and understand that these vulnerabilities can serve as conduits for more extensive breaches if not promptly addressed. Consistently applying security patches and updates is essential to mitigate the risks associated with these identified vulnerabilities.
