CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities affecting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities catalog, indicating active exploitation. These vulnerabilities pose significant risks, particularly when chained together, in which case they allow unauthorized access to sensitive files.

Threat Actor: Unknown
Victim: Mitel and Oracle

Key Points:

  • CVE-2024-41713 (CVSS 9.1) allows unauthorized access to Mitel MiCollab.
  • CVE-2024-55550 (CVSS 4.4) enables authenticated attackers to read local files.
  • CVE-2020-2883 (CVSS 9.8) exposes Oracle WebLogic Server to unauthenticated network attacks.
  • Chaining CVE-2024-41713 and CVE-2024-55550 could allow remote attackers to read arbitrary files.
  • Federal agencies must apply updates by January 28, 2025, as per BOD 22-01.

Source: https://thehackernews.com/2025/01/cisa-flags-critical-flaws-in-mitel-and.html

