CISA Finds Serious Problems In Oracle & Mitel Systems

The US Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws affecting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities catalog and has warned federal agencies that they are being exploited. These security defects allow attackers to perform unauthorised administrative actions and to access user and network information.

Right now, there is no information on how these flaws are exploited in real-world attacks, who may be exploiting them, or the targets of these activities.

The list of problems includes:

  •  CVE-2024-41713 - A path traversal vulnerability in Mitel MiCollab that could allow an attacker to gain unauthorised and unauthenticated access.
  •  CVE-2024-55550 - A path traversal vulnerability in Mitel MiCollab that could allow an authenticated attacker with administrative privileges to read local files within the system, due to insufficient input sanitisation.
  •  CVE-2020-2883 - A security vulnerability in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3.
  •  CVE-2024-41713 may be chained with CVE-2024-55550 in a way that permits a remote attacker to read files on the server.
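Both MiCollab entries above are path traversal flaws, one of them attributed to insufficient input sanitisation. The following Python is an added example and is not code from this page, from Mitel, or from WatchTowr: it shows the containment check a file-serving handler should make (canonicalise the user-supplied path after repeated percent-decoding, then test it against an allowed base directory, rather than searching the raw input for `..`), and a small detector that flags traversal attempts in web-server access logs. The base directory, the log format and the log lines are all constructed for the example.

```python
from __future__ import annotations

import os
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would escape the allowed base directory."""


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that a
    double-encoded sequence such as '%252e%252e%252f' is normalised to '../'
    before any path check is made."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Join user_path onto base_dir and return the absolute target path, or
    raise PathTraversalError if the canonical result lies outside base_dir.

    The test is made on the canonicalised path (realpath collapses '..' and
    follows symlinks), not by pattern-matching the input, which is the kind of
    'insufficient input sanitisation' that path-traversal bugs come from."""
    base = os.path.realpath(base_dir)
    candidate = decode_fully(user_path)
    if "\x00" in candidate:
        raise PathTraversalError("NUL byte in path")
    # Treat backslashes as separators and drop leading slashes so that neither
    # 'a\..\b' nor an absolute path can replace or step out of the base.
    candidate = candidate.replace("\\", "/").lstrip("/")
    target = os.path.realpath(os.path.join(base, candidate))
    if os.path.commonpath([base, target]) != base:
        raise PathTraversalError(f"path escapes base directory: {user_path!r}")
    return target


def is_contained(base_dir: str, user_path: str) -> bool:
    """Boolean wrapper around safe_resolve for callers that only need a verdict."""
    try:
        safe_resolve(base_dir, user_path)
        return True
    except PathTraversalError:
        return False


# Constructed sample access-log lines (combined log format); not from any real system.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Jan/2025:10:00:01 +0000] "GET /static/app.css HTTP/1.1" 200 512
10.0.0.9 - - [07/Jan/2025:10:00:02 +0000] "GET /static/../../../etc/hostname HTTP/1.1" 404 0
10.0.0.9 - - [07/Jan/2025:10:00:03 +0000] "GET /static/%2e%2e%2f%2e%2e%2fetc%2fhostname HTTP/1.1" 404 0
10.0.0.9 - - [07/Jan/2025:10:00:04 +0000] "GET /static/%252e%252e%252f%252e%252e%252fetc%252fhostname HTTP/1.1" 200 1024
10.0.0.7 - - [07/Jan/2025:10:00:05 +0000] "GET /static/fonts/main.woff2 HTTP/1.1" 200 8192
"""


def flag_traversal_attempts(log_text: str) -> list[tuple[str, str]]:
    """Return (client, decoded_request_path) for every access-log line whose
    request path still contains a '..' segment after full percent-decoding.
    Decoding first is what catches the encoded and double-encoded variants
    that a naive grep for '../' would miss."""
    hits: list[tuple[str, str]] = []
    for line in log_text.splitlines():
        parts = line.split('"')
        if len(parts) < 2:
            continue
        client = line.split(" ", 1)[0]
        request = parts[1].split(" ")
        if len(request) < 2:
            continue
        path = decode_fully(request[1]).replace("\\", "/")
        if any(segment == ".." for segment in path.split("/")):
            hits.append((client, path))
    return hits


if __name__ == "__main__":
    base = "/opt/example-app/public"  # constructed base directory
    print(safe_resolve(base, "css/app.css"))
    print(is_contained(base, "%252e%252e/%252e%252e/etc/hostname"))
    for client, path in flag_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {path}")
```

Note that a 200 response to a traversal request (the fourth constructed line) is the one worth escalating: the server appears to have served something rather than rejecting the path.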

WatchTowr Labs first discovered these issues while trying to replicate another critical bug in Mitel MiCollab, CVE-2024-35286, which was patched in May 2024. As for CVE-2020-2883, Oracle announced as long ago as 2020 that it had received "reports of attempts to maliciously exploit a number of recently-patched vulnerabilities, including vulnerability CVE-2020-2883."

According to data from Censys, there are more than 5,600 internet-exposed Mitel MiCollab instances, nearly 3,000 of them located in the U.S., followed by Canada, the U.K., Australia, and the Netherlands.

CISA's Binding Operational Directive (BOD) 22-01 requires US federal agencies to apply the necessary updates by January 28, 2025, to secure their networks.

Sources: CISA | Oracle | WatchTowr | CVE | Bleeping Computer | HackerNews | Censys
