Analysis Summary

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog indicating active exploitation. These include two path traversal vulnerabilities in Mitel MiCollab—CVE-2024-41713 (CVSS 9.1) and CVE-2024-55550 (CVSS 4.4)—and a critical security flaw in Oracle WebLogic Server, CVE-2020-2883 (CVSS 9.8).

CVE-2024-41713 allows unauthorized, unauthenticated access to sensitive files, while CVE-2024-55550 lets authenticated administrators read local files due to poor input sanitization. The CVE-2020-2883, Oracle WebLogic Server flaw could enable unauthenticated attackers to execute arbitrary commands via IIOP or T3 network access.

A significant concern is the potential chaining of CVE-2024-41713 with CVE-2024-55550 which could allow unauthenticated attackers to access and read arbitrary files on vulnerable servers. WatchTowr Labs highlighted these vulnerabilities last month while investigating a related critical bug, CVE-2024-35286 (CVSS 9.8), patched earlier in May 2024. These newly discovered flaws demonstrate the persistent challenges in securing widely used enterprise communication platforms like Mitel MiCollab.

Oracle's CVE-2020-2883, a critical flaw first disclosed in 2020, remains an active threat as attackers exploit it in real-world scenarios. Oracle previously warned about malicious activity targeting this vulnerability, underscoring the need for immediate patching to prevent unauthorized access. Despite the severity of these issues, specific details about the exploitation techniques, the identities of the attackers, or the intended targets remain unknown.

In compliance with Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must update their systems by January 28, 2025, to mitigate risks from these vulnerabilities. The directive emphasizes proactive patch management to safeguard federal networks against exploitation. Security teams across industries are advised to prioritize these updates to prevent potential data breaches and service disruptions

Impact

• Gain Access
• Unauthorized Access

Indicators of Compromise

CVE

• CVE-2024-41713
• CVE-2024-55550
• CVE-2020-2883

Affected Vendors

Remediation

• Install Oracle’s latest patch to mitigate the vulnerability, as outlined in their security advisory.
• Implement network-level restrictions to limit access to the WebLogic server.
• Disable unused protocols like IIOP and T3 if not required for operations.
• Apply the latest security patch provided by Mitel to address the path traversal vulnerability.
• Ensure systems are updated by January 28, 2025, as mandated by BOD 22-01.
• Implement a robust intrusion detection and prevention system to monitor for signs of exploitation.
• Conduct regular vulnerability assessments and penetration testing to identify potential weak points.
• Educate IT and security staff on the risks associated with these vulnerabilities and the importance of timely patching.
• Maintain regular data backups and validate the integrity of critical systems to ensure rapid recovery in case of compromise.