The US Cybersecurity and Infrastructure Security Agency (CISA) has warned federal agencies about three flaws affecting Mitel MiCollab and Oracle WebLogic Server by adding them to its Known Exploited Vulnerabilities (KEV) catalog. These security defects enable attackers to perform unauthorized administrative actions and access user and network information.
Currently, there is no information on how these flaws are exploited in real-world attacks, who may be exploiting them, or the targets of these activities.
The list of problems includes:
• CVE-2024-41713 - A path traversal vulnerability in Mitel MiCollab that could allow an attacker to gain unauthorized and unauthenticated access.
• CVE-2024-55550 - A path traversal vulnerability in Mitel MiCollab that could allow an authenticated attacker with administrative privileges to read local files on the system due to insufficient input sanitization.
• CVE-2020-2883 - A security vulnerability in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3.
CVE-2024-41713 may be chained with CVE-2024-55550 in a way that permits a remote attacker to read files on the server.
WatchTowr Labs (https://labs.watchtowr.com) first discovered these issues while attempting to replicate another critical bug in Mitel MiCollab, CVE-2024-35286, which was patched in May 2024. Regarding CVE-2020-2883, Oracle announced in 2020 that it had received "reports of attempts to maliciously exploit a number of recently patched vulnerabilities, including vulnerability CVE-2020-2883."
According to Censys, more than 5,600 internet-exposed Mitel MiCollab instances are potentially affected. Nearly 3,000 of them are in the US, followed by Canada, the UK, Australia, and the Netherlands.
CISA's Binding Operational Directive (BOD) 22-01 requires US federal agencies to apply the necessary updates by 28 January 2025 to secure their networks.
This article is shared at no charge and is for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com.
• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941