January 13, 2025: CISA has added three entries to its Known Exploited Vulnerabilities (KEV) Catalog: two zero-day flaws in Mitel MiCollab, and a remote code execution vulnerability in Oracle WebLogic Server that has been exploited for at least five years.
The three known exploited vulnerabilities are tracked as:
- CVE-2024-4173 (Mitel MiCollab Path Traversal Vulnerability – CVSS of 9.1/10)
- CVE-2024-5550 (Mitel MiCollab Path Traversal Vulnerability – CVSS of 4.4/10)
- CVE-2020-2883 (Oracle WebLogic Server Unspecified Vulnerability – CVSS of 9.8/10).
Affected Mitel products include MiCollab version 9.8 SP1 FP2 (9.8.1.201) and earlier.
The Oracle vulnerability affects versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0.
CISA’s statement said that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
Impact of Mitel and Oracle Vulnerabilities
Path traversal vulnerabilities arise when a web application builds a file path from attacker-controlled input (typically part of an HTTP request) without confining the result to the intended directory. A cyber threat actor can then reach restricted directories and read data they should not have access to, including passwords, application code and operating system files, and in some cases execute commands. Where the flaw also allows files on the server to be modified, it can give the attacker full control of the server.
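To make the mechanism concrete, the following is an added example (not code from the page, Mitel or Oracle) showing the defect pattern beside its hardened form: the unsafe resolver joins the requested path onto the document root and trusts the result, while the safe resolver decodes, normalizes and then checks that the resolved path is still inside the root. The document root and request strings are constructed for illustration.

```python
"""Path traversal: an unsafe request-path resolver beside a hardened one.

Constructed example for illustration; the web root and the request
strings are made up and no file system access is performed.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed document root for the example (constructed, not a real deployment path).
WEB_ROOT = "/srv/app/public"


def resolve_unsafe(requested: str) -> str:
    """Vulnerable pattern: decode the request, join it onto the root, done.

    posixpath.normpath collapses the '..' segments, so a request such as
    '../../../etc/passwd' resolves to a path outside WEB_ROOT and would be
    served if this value were handed straight to open().
    """
    decoded = unquote(requested).lstrip("/")
    return posixpath.normpath(posixpath.join(WEB_ROOT, decoded))


def resolve_safe(requested: str) -> Optional[str]:
    """Hardened resolver: returns the resolved path, or None if it escapes.

    Steps a defender wants here:
      1. decode twice so a double-encoded '%252e%252e' cannot slip through
         a single decoding layer and be decoded again downstream;
      2. reject NUL bytes, which can truncate paths in native file APIs;
      3. normalize, then prove containment with commonpath instead of a
         string prefix test (a prefix test would accept '/srv/app/publicX').
    """
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if posixpath.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    return candidate


def compare(requested: str) -> dict:
    """Run both resolvers on one request so the difference is visible."""
    return {"request": requested,
            "unsafe": resolve_unsafe(requested),
            "safe": resolve_safe(requested)}


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, the rest traversal attempts.
    for req in ["index.html",
                "static/../index.html",
                "../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
                "%252e%252e/%252e%252e/%252e%252e/etc/passwd"]:
        print(compare(req))
```

Run stand-alone, the script prints one line per request; for the traversal attempts the unsafe column shows a path under /etc while the safe column shows None. The containment check with posixpath.commonpath is the part worth copying: it operates on path components, so near-miss directories and encoded dot segments are handled the same way as a plain '..'.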
The pair of Mitel MiCollab vulnerabilities could be chained together by cyber threat actors to maximize impact, allowing them to read sensitive files.
According to Mitel’s disclosure in October of 2024, the flaw was not believed to allow file modification or privilege escalation.
The Oracle WebLogic Server vulnerability has been actively exploited; an unauthenticated attacker with network access can fully take over the server.
Patching and Remediation Recommendations
Mitel has released patches for affected versions as well as fixed versions for users to upgrade to.
Users should upgrade to the most recent versions. If they are not able to upgrade, there is a patch for releases 6.0 and above.
CVE-2024-5550 is said to be “substantially mitigated” by the upgrades released for CVE-2024-4714, and a direct fix will be addressed in a future update.
The Oracle WebLogic activity is an attempt to exploit a vulnerability that was patched five years ago, and Oracle recommends that customers upgrade to supported versions to address the issue, though as of this alert there is no reported exploitation of these flaws.
CISA has referred to the BOD 22-01 directive, which requires all Federal Civilian Executive Branch (FCEB) agencies to patch flaws within 15 days if they are actively exploited, which would include the Mitel MiCollab vulnerabilities.
BOD 22-01 also applies to the Oracle flaw and organizations must reduce exposure to cyber attacks by prioritizing remediation.
Cybersecurity Solutions
It’s important to make patching and updating part of your regular cybersecurity policies.
Zero-day vulnerabilities cannot be prevented, since by definition they are exploited by cyber threat actors before they are discovered, which underscores the importance of cyber-resilient practices such as third-party monitoring and vulnerability assessments.
When you are impacted by a zero-day vulnerability, it’s important to have an incident response plan that includes disconnecting affected systems and segments from the network, remediating unauthorized access to systems, and patching.
Risk assessments are especially important when there is a known vulnerability where there is currently a wait for a patch to be issued.
When a vulnerability in any device or software used on your network is known or exploited, a cybersecurity risk assessment is also recommended. It helps determine the vulnerabilities in your network and provides actionable recommendations, including immediate remediation options, based on real data captured from your network during the assessment. Regular cybersecurity risk assessments should be part of your organization’s cybersecurity policy.
SecuLore CyberSight™ provides attack surface management and monitoring through our patented technology to detect vulnerabilities in your network and anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center to be processed via a unique behavioral analysis that is constantly reviewed by our team of CEH (Certified Ethical Hackers).
Cyber-Protecting Our Nation’s Critical Infrastructure
At SecuLore, our mission is to cyber-protect our nation’s critical infrastructure. Led by experts in 9-1-1 technology, cyberwarfare, and ethical hacking, our team provides the technology, expertise, and training needed to defend customers from increasingly sophisticated cyber threats.