The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding three critical vulnerabilities that are currently being exploited in the wild.
These vulnerabilities affect Mitel MiCollab and Oracle WebLogic Server systems, posing significant risks to organizations and federal agencies.
Mitel MiCollab Vulnerabilities
Two of the vulnerabilities impact Mitel MiCollab, a widely used unified communications platform:
CVE-2024-41713: This critical path traversal vulnerability in the NuPoint Unified Messaging (NPM) component of MiCollab has a CVSS score of 9.1.
It allows unauthenticated attackers to gain unauthorized access to MiCollab servers, potentially exposing sensitive information and enabling administrative control.
Successful exploitation could lead to compromised confidentiality, integrity, and availability of the affected systems.
CVE-2024-55550: While less severe (CVSS score 4.4), this vulnerability allows authenticated attackers with administrative privileges to read local files on vulnerable MiCollab servers.
When chained with CVE-2024-41713, it significantly amplifies the risk, enabling attackers to access arbitrary files and potentially compromise the entire system.
Mitel has released updates to address these vulnerabilities, strongly recommending users upgrade to MiCollab 9.8 SP2 (9.8.2.12) or later immediately.
Oracle WebLogic Server Vulnerability
The third vulnerability affects the Oracle WebLogic Server:
CVE-2020-2883: This high-severity vulnerability (CVSS score 9.8) in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 to compromise vulnerable systems.
Despite being patched in April 2020, its inclusion in CISA’s Known Exploited Vulnerabilities (KEV) catalog indicates ongoing exploitation.
Impact and Recommendations
The potential consequences of these vulnerabilities are severe, including unauthorized data access, system hijacking, and malware propagation within organizational networks.
VoIP platforms like MiCollab are particularly attractive targets for advanced persistent threats (APTs), as they can potentially allow attackers to intercept or manipulate phone calls.
CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies patch these vulnerabilities by January 28, 2025, as per Binding Operational Directive (BOD) 22-01.
However, given the active exploitation, all organizations are strongly urged to take immediate action.
Recommended mitigation strategies include:
- Promptly applying the latest security updates and patches provided by Mitel and Oracle.
- Implementing robust input validation mechanisms to prevent path traversal attacks.
- Enhancing access controls and applying the principle of least privilege.
- Deploying intrusion detection systems and maintaining thorough logging for timely incident response.
For organizations unable to immediately patch, temporary measures such as disabling the T3 protocol for WebLogic Server can help mitigate risks.
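Traversal attempts of the kind described above usually leave traces in web server access logs, so the logging recommendation can be turned into a concrete check. The following is an added example (not from the CISA alert, Mitel or Oracle): it parses constructed common-log-format lines, percent-decodes the URL up to twice to catch double-encoded variants, and flags requests whose path or any query value climbs above the web root while leaving in-tree `..` segments alone. The log lines, IPs and paths are constructed for illustration.

```python
import re
from urllib.parse import unquote, parse_qsl, urlsplit

# Constructed access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /app/index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "GET /app/../../etc/passwd HTTP/1.1" 404 0
203.0.113.9 - - [10/Jan/2025:10:00:03 +0000] "GET /app/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1024
203.0.113.11 - - [10/Jan/2025:10:00:04 +0000] "GET /app/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 200 1024
203.0.113.13 - - [10/Jan/2025:10:00:05 +0000] "GET /app/docs/../help.html HTTP/1.1" 200 300
203.0.113.15 - - [10/Jan/2025:10:00:06 +0000] "GET /app/view?file=..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 80
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) \S+" \d{3}')

def decode_twice(value: str) -> str:
    """Percent-decode up to twice so %252e (double-encoded '.') is caught; treat '\\' as '/'."""
    for _ in range(2):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def escapes_root(value: str) -> bool:
    """True if '..' climbs above the start dir; /app/docs/../help.html stays inside and is benign."""
    depth = 0
    for seg in decode_twice(value).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False

def find_traversal_attempts(log_text: str) -> list[tuple[str, str]]:
    """(client_ip, url) for requests whose path or any query value escapes the root.
    Status is ignored: a 404 still shows intent, a 200 on a flagged request needs triage."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        values = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        if any(escapes_root(v) for v in values):
            hits.append((m["ip"], m["url"]))
    return hits
```

Run `find_traversal_attempts(SAMPLE_LOG)` to see the four flagged requests; the benign `/app/docs/../help.html` line is not reported.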
As cyber threats continue to evolve, timely patching, rigorous security practices, and constant vigilance remain crucial for protecting critical infrastructure and sensitive data from exploitation.