Summary: Cybercriminals are exploiting vulnerabilities in Mitel MiCollab and Oracle WebLogic Server, including a critical zero-day flaw. The US Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
Threat Actor: Unknown | unknown
Victim: Mitel and Oracle | Mitel and Oracle
Key Point :
- Two vulnerabilities in Mitel MiCollab (CVE-2024-41713 and CVE-2024-55550) and one in Oracle WebLogic Server (CVE-2020-2883) are actively being exploited.
- CVE-2024-41713 has a critical CVSS score of 9.8 and allows unauthenticated attackers to conduct path traversal attacks.
- CVE-2020-2883, a five-year-old vulnerability, also has a critical CVSS score of 9.8 and allows remote code execution through deserialization.
- Security researchers have warned about these vulnerabilities, with patches available for some but not all.
- Mitel has acknowledged the vulnerabilities and urged customers to apply available security updates.
Source: https://www.theregister.com/2025/01/08/mitel_0_day_oracle_rce_under_exploit/