CISA warns of critical Oracle, Mitel flaws exploited in attacks

CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks.

The cybersecurity agency added a critical path traversal vulnerability (CVE-2024-41713) found in the NuPoint Unified Messaging (NPM) component Mitel’s MiCollab unified communications platform to its Known Exploited Vulnerabilities Catalog.

This security bug allows attackers to perform unauthorized administrative actions and access user and network information.

“A successful exploit of this vulnerability could allow an attacker to gain unauthorized access, with potential impacts to the confidentiality, integrity, and availability of the system. This vulnerability is exploitable without authentication,” MiCollab explains.

“If the vulnerability is successfully exploited, an attacker could gain unauthenticated access to provisioning information including non-sensitive user and network information and perform unauthorized administrative actions on the MiCollab Server.”

The critical Oracle WebLogic Server flaw tracked as CVE-2020-2883 and patched four years ago in April 2020 enables unauthenticated attackers to take unpatched servers remotely.

The U.S. cybersecurity agency also warned of a second Mitel MiCollab path traversal vulnerability (CVE-2024-55550), enabling authenticated attackers with admin privileges to read arbitrary files on vulnerable servers. However, the impact is limited because successful exploitation doesn’t allow privilege escalation, and accessible files don’t contain sensitive system information.

Today, CISA added all three vulnerabilities to its Known Exploited Vulnerabilities catalog, tagging them as actively exploited. As mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021, Federal Civilian Executive Branch (FCEB) agencies must secure their networks within three weeks by January 28.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said on Tuesday.

While the KEV catalog focuses on alerting U.S. federal agencies regarding vulnerabilities that should be patched as soon as possible, all organizations are advised to prioritize mitigating these security flaws to block ongoing attacks.

Source

Leave a Comment Cancel Reply

London, GB

9:37 am, Jan 15, 2025

9°C

L: 9° | H: 10°

Feels like 9°C° overcast clouds

Humidity: 92 %

Pressure: 1035 mb

Wind: 1 mph NW

Wind Gust: 2 mph

UV Index: 0

Precipitation: 0 mm

Clouds: 100%

Rain Chance: 0%

Visibility: 10 km

Sunrise: 7:59 am

Sunset: 4:20 pm

DailyHourly

Daily ForecastHourly Forecast

Today 9:00 pm

9° | 10°°C 0 mm 0% 3 mph 98 % 1034 mb 0 mm/h

Tomorrow 9:00 pm

5° | 9°°C 0 mm 0% 5 mph 96 % 1035 mb 0 mm/h

Fri Jan 17 9:00 pm

3° | 7°°C 0 mm 0% 4 mph 93 % 1036 mb 0 mm/h

Sat Jan 18 9:00 pm

2° | 7°°C 0 mm 0% 3 mph 89 % 1033 mb 0 mm/h

Sun Jan 19 9:00 pm

2° | 6°°C 0 mm 0% 4 mph 89 % 1024 mb 0 mm/h

Today 12:00 pm

9° | 9°°C 0 mm 0% 2 mph 90 % 1034 mb 0 mm/h

Today 3:00 pm

9° | 9°°C 0 mm 0% 3 mph 90 % 1033 mb 0 mm/h

Today 6:00 pm

7° | 7°°C 0 mm 0% 3 mph 97 % 1034 mb 0 mm/h

Today 9:00 pm

6° | 6°°C 0 mm 0% 3 mph 98 % 1034 mb 0 mm/h

Tomorrow 12:00 am

6° | 6°°C 0 mm 0% 3 mph 96 % 1034 mb 0 mm/h

Tomorrow 3:00 am

5° | 5°°C 0 mm 0% 3 mph 95 % 1033 mb 0 mm/h

Tomorrow 6:00 am

5° | 5°°C 0 mm 0% 3 mph 96 % 1034 mb 0 mm/h

Tomorrow 9:00 am

5° | 5°°C 0 mm 0% 3 mph 96 % 1034 mb 0 mm/h

Name	Price	24H (%)
Bitcoin(BTC)	€94,039.75	0.50%
Ethereum(ETH)	€3,125.94	-0.43%
XRP(XRP)	€2.76	10.48%
Tether(USDT)	€0.97	-0.01%
Solana(SOL)	€183.01	-0.02%
Dogecoin(DOGE)	€0.347878	2.73%
USDC(USDC)	€0.97	0.01%
Shiba Inu(SHIB)	€0.000020	-0.39%
Pepe(PEPE)	€0.000016	-0.59%
Peanut the Squirrel(PNUT)	€0.55	-8.33%

CISA warns of critical Oracle, Mitel flaws exploited in attacks

Share:

Leave a Comment Cancel Reply

Utility link

Useful link

Newsletter

Follow Us