The US CISA has added 3 vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on the evidence of active exploitation.
CVE-2024-41713: Mitel MiCollab Path Traversal Vulnerability
Description:
This vulnerability affects the Mitel MiCollab application. It allows an attacker to perform a path traversal attack, which involves manipulating file paths to access files and directories that are outside the intended directory. This can lead to unauthorized access to sensitive information stored on the server.
Technical Details:
- Attack Vector: Remote, does not require authentication.
- Impact: An attacker can gain access to sensitive files, which can lead to data breaches, information disclosure, and potential misuse of the data.
- Conditions: The attacker needs to craft a specific HTTP request that exploits the path traversal vulnerability.
Mitigation:
- Patch and Update: Ensure that the Mitel MiCollab application is updated to the latest version that addresses this vulnerability.
- Access Controls: Implement stringent access controls to limit exposure and reduce the likelihood of exploitation.
- Regular Audits: Conduct regular security audits to identify and fix vulnerabilities.
Severity: High
CVE-2024-55550: Mitel MiCollab Path Traversal Vulnerability
Description:
Similar to CVE-2024-41713, this vulnerability also impacts the Mitel MiCollab application. It allows attackers to execute path traversal attacks, which can result in unauthorized access to files stored on the server.
Technical Details:
- Attack Vector: Remote, does not require authentication.
- Impact: Unauthorized access to sensitive information, leading to potential data breaches and information misuse.
- Conditions: Requires an attacker to send a specially crafted request to exploit the path traversal flaw.
Mitigation:
- Patch and Update: Apply the latest patches provided by Mitel to address this vulnerability.
- Monitor and Restrict Access: Monitor network traffic for suspicious activities and restrict access to critical systems.
- Security Practices: Employ best security practices, including regular updates and vulnerability assessments.
Severity: High
CVE-2020-2883: Oracle WebLogic Server Unspecified Vulnerability
Description:
This vulnerability affects Oracle WebLogic Server and can be exploited to achieve remote code execution (RCE). RCE allows an attacker to execute arbitrary code on the target server, potentially leading to a full system compromise.
Technical Details:
- Attack Vector: Remote, can be exploited over a network without requiring authentication.
- Impact: Remote code execution, which allows attackers to take control of the affected server, execute arbitrary commands, and potentially steal, modify, or delete data.
- Conditions: Exploitation involves sending specially crafted network requests to the vulnerable server.
Mitigation:
- Apply Patches: Update Oracle WebLogic Server to the latest version that includes security fixes for this vulnerability.
- Network Segmentation: Segment networks to limit the impact of a potential compromise.
- Security Monitoring: Implement continuous monitoring and logging to detect and respond to suspicious activities.
Severity: Critical
CISA has set January 28, 2025, as a deadline for federal agencies to remediate the vulnerabilities. By staying vigilant and proactive, organizations can effectively protect themselves against these known exploited vulnerabilities and enhance their overall cybersecurity posture.
