8 January 2025

High-severity Oracle, Mitel flaws exploited in the wild


The US Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog.

The newly added vulnerabilities include CVE-2024-41713, a path traversal vulnerability in Mitel MiCollab that allows an attacker to gain unauthorized and unauthenticated access, and CVE-2024-55550, another path traversal flaw in Mitel MiCollab that could be used by an authenticated attacker with administrative privileges to read local files on the system due to insufficient input sanitization.

The third actively exploited vulnerability is CVE-2020-2883, a remote code execution flaw in Oracle WebLogic Server, which can be exploited by an unauthenticated attacker with network access via IIOP or T3 protocols.

Notably, CVE-2024-41713 and CVE-2024-55550 can be chained together, enabling a remote, unauthenticated attacker to read arbitrary files on the server.

Currently, details on the methods of exploitation, the attackers involved, and their targets remain unclear.

