

Ethical Hacking News

Mitel 0-day Vulnerability and Oracle RCE Exploited in the Wild: A Growing Concern for Enterprise Security



Two critical vulnerabilities, one in Mitel MiCollab and one in Oracle WebLogic Server, are being actively exploited, and CISA has added both to its Known Exploited Vulnerabilities (KEV) Catalog. The Mitel 0-day has been patched by the vendor; the Oracle RCE bug was patched by Oracle nearly five years ago, yet servers that never received that update are still being exploited. Organizations are urged to patch both as soon as possible.

  • Mitel MiCollab and Oracle WebLogic Server have critical vulnerabilities being actively exploited.
  • Both vulnerabilities carry a critical CVSS score of 9.8.
  • The Mitel vulnerability can allow an unauthenticated attacker to conduct a path traversal attack and potentially view or delete users' data and system configurations.
  • The Oracle RCE vulnerability lets an unauthenticated attacker with network access via IIOP or T3 compromise WebLogic Server; it is a bypass of the earlier fix for CVE-2020-2555.
  • CISA has added both vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging organizations to prioritize patching these vulnerabilities as soon as possible.



    Two critical vulnerabilities in Mitel MiCollab and Oracle WebLogic Server are being actively exploited, and both have now been added to CISA's Known Exploited Vulnerabilities Catalog. The Mitel 0-day, CVE-2024-41713, has been patched by the vendor. The Oracle Remote Code Execution (RCE) bug, CVE-2020-2883, is almost five years old: Oracle fixed it in its April 2020 Critical Patch Update and warned at the time that exploitation attempts had already been seen, yet servers that never received that update are still being compromised.

    The Mitel MiCollab vulnerability affects versions 9.8 SP1 FP2 (9.8.1.201) and earlier, with a critical severity rating of 9.8 CVSS. The bug is caused by insufficient input validation in the NuPoint Unified Messaging (NPM) component, allowing an unauthenticated attacker to conduct a path traversal attack and potentially view, corrupt, or delete users' data and system configurations.
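    A log-side check a defender can run while the MiCollab upgrade is being scheduled, added here as an example and not code from Mitel or watchTowr: it normalises request paths roughly the way a permissive Java web stack would (repeated URL-decoding to catch double encoding, stripping `;` path parameters so that `..;/` collapses to `../`, folding backslashes) and flags any request whose normalised path still contains a `..` segment. The access-log lines and the `/webapp/` endpoint are constructed for the example; they are not MiCollab's real URLs or the published PoC.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format). The endpoints are
# hypothetical; they are not MiCollab's real URLs or the published PoC.
SAMPLE_LOG = """\
10.0.0.5 - - [08/Jan/2025:10:00:01 +0000] "GET /webapp/index.html HTTP/1.1" 200 512
10.0.0.9 - - [08/Jan/2025:10:00:02 +0000] "GET /webapp/..;/etc/passwd HTTP/1.1" 200 1843
10.0.0.9 - - [08/Jan/2025:10:00:03 +0000] "GET /webapp/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 0
10.0.0.9 - - [08/Jan/2025:10:00:04 +0000] "GET /webapp/%252e%252e/config.xml?x=1 HTTP/1.1" 200 900
10.0.0.7 - - [08/Jan/2025:10:00:05 +0000] "GET /static/css/main.css HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)


def normalize_path(raw: str, max_rounds: int = 3) -> str:
    """Canonicalise a request path roughly as a permissive servlet stack
    would before it touches the file system: drop the query string, URL-decode
    repeatedly (double encoding), fold backslashes to slashes, and strip
    ';' path parameters so that '..;/' collapses to '../'."""
    path = raw.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    path = re.sub(r";[^/]*", "", path)
    return path


def resolve(path: str) -> str:
    """Resolve '.' and '..' segments to show where the request really lands."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
        else:
            out.append(seg)
    return "/" + "/".join(out)


def has_traversal(path: str) -> bool:
    """True if the normalised path still contains a '..' segment. Browsers
    normalise these away before sending, so their presence on the wire is a
    strong signal of a hand-crafted request."""
    return ".." in path.split("/")


def scan_log(text: str) -> list:
    """Return one record per request that looks like a path-traversal attempt."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        norm = normalize_path(m["path"])
        if has_traversal(norm):
            hits.append({
                "src": m["src"],
                "raw": m["path"],
                "normalized": norm,
                "resolved": resolve(norm),
                "status": int(m["status"]),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['src']} {hit['status']} {hit['raw']} -> {hit['resolved']}")
```

    The resolved path matters more than the HTTP status: a 403 shows the front end refused, but a 200 on a traversal request is the line to investigate. If a reverse proxy normalises paths before logging, the raw request is lost there and the same check has to run on the application's own logs.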

    The Oracle WebLogic Server vulnerability is likewise rated critical, with a CVSS score of 9.8. It lies in the server's handling of the IIOP and T3 protocols and lets an unauthenticated attacker with network access compromise the server; Oracle's advisory does not describe the root cause beyond that. The bug was reported in April 2020 by Viettel Cyber Security researcher Bui Duong, and it is effectively a bypass of the fix for an earlier WebLogic bug, CVE-2020-2555.
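    Because a WebLogic server reports the same version string before and after a Critical Patch Update, an external scan can only say which listeners are in scope; the patch level has to be confirmed on the host (for example with `opatch lsinventory`). The following is an added example, not Oracle's code or the researcher's, of the first half of that triage: it sends the plain-text T3 client hello, parses the `HELO:` banner an exposed listener returns, and compares the version against the four release lines Oracle's April 2020 advisory listed as affected. The banners used in the stand-alone run are constructed, and the affected-release set, hostname and port are assumptions drawn from that advisory and from WebLogic defaults, not from this page.

```python
import re
import socket
from typing import Optional

# Release lines Oracle's April 2020 Critical Patch Update listed as affected
# by CVE-2020-2883 (assumption drawn from the advisory, not from this page).
AFFECTED_RELEASES = {"10.3.6.0.0", "12.1.3.0.0", "12.2.1.3.0", "12.2.1.4.0"}

# Plain-text T3 client hello; a listener that speaks T3 answers with a HELO
# banner carrying its version, e.g. b"HELO:12.2.1.4.0.false\nAS:2048\nHL:19\n\n".
T3_HELLO = b"t3 12.2.1\nAS:255\nHL:19\n\n"
HELO_RE = re.compile(rb"HELO:(?P<version>\d+(?:\.\d+)+)\.(?P<flag>true|false)")

# Constructed responses for the stand-alone run (no live server needed).
SAMPLE_T3_BANNER = b"HELO:12.2.1.4.0.false\nAS:2048\nHL:19\n\n"
SAMPLE_HTTP_REPLY = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"


def release_key(version: str) -> tuple:
    """Version string -> tuple of ints with trailing zeros dropped, so that
    '10.3.6.0' (as older servers report it) equals '10.3.6.0.0' (as listed)."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


AFFECTED_KEYS = {release_key(v) for v in AFFECTED_RELEASES}


def parse_t3_banner(data: bytes) -> Optional[dict]:
    """Extract the WebLogic version from a T3 HELO banner, or None if the
    bytes are not a T3 banner (T3 disabled, HTTP-only port, firewall page)."""
    m = HELO_RE.search(data)
    if not m:
        return None
    return {
        "version": m.group("version").decode(),
        # Trailing boolean the server appends; recorded as-is, not interpreted.
        "flag": m.group("flag").decode(),
    }


def triage(data: bytes) -> dict:
    """Classify a response: does it expose T3, and is the release line one the
    April 2020 advisory covered? 'in_scope' means 'verify patch level', not
    'vulnerable': a CPU-patched 12.2.1.4.0 reports the same version string."""
    banner = parse_t3_banner(data)
    if banner is None:
        return {"t3_exposed": False, "version": None, "in_scope": False}
    return {
        "t3_exposed": True,
        "version": banner["version"],
        "in_scope": release_key(banner["version"]) in AFFECTED_KEYS,
    }


def probe_t3(host: str, port: int = 7001, timeout: float = 5.0) -> dict:
    """Send the T3 hello to host:port and triage whatever comes back.
    Only run against hosts you are authorised to test."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(T3_HELLO)
        data = sock.recv(1024)
    return triage(data)


if __name__ == "__main__":
    for sample in (SAMPLE_T3_BANNER, SAMPLE_HTTP_REPLY):
        print(triage(sample))
    # Against a real listener (hostname assumed for illustration):
    # print(probe_t3("weblogic.example.internal"))
```

    A listener that answers the hello with anything other than a `HELO:` banner is either not WebLogic or has T3 blocked (for instance by a network connection filter), which is itself the mitigation to aim for on any port reachable from untrusted networks, since both IIOP and T3 are the transport for this exploit.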

    Both vulnerabilities have been exploited in the wild, with CISA adding them to its Known Exploited Vulnerabilities Catalog. The agency has warned of potential threats from these exploits and urged organizations to prioritize patching these vulnerabilities as soon as possible.

    Mitel credited watchTowr's Sonny Macdonald with finding and reporting both MiCollab bugs: the CVE-2024-41713 path traversal and a second, post-authentication arbitrary file read that watchTowr chained with it. The watchTowr team said it waited more than 100 days for the vendor to issue a fix before publishing proof-of-concept (PoC) code; the PoC showed how the two Mitel bugs could be chained for greater impact.

    In an interview, watchTowr CEO Benjamin Harris explained that VoIP platforms like Mitel MiCollab are particularly attractive targets for Advanced Persistent Threats (APTs), which could use these vulnerabilities to intercept calls, interfere with them, or block them at will. Harris emphasized the importance of alerting industry to these vulnerabilities ahead of CISA's official marking of them as Known Exploited Vulnerabilities.

    Oracle has not yet responded to The Register's inquiries about this flaw, including the scope of the current exploits.

    A patched 0-day and a five-year-old bug being exploited side by side make the practical point: the speed of patching and the completeness of the asset inventory both matter. For MiCollab, confirm every deployed instance is newer than 9.8 SP1 FP2 (9.8.1.201), the last affected build, and upgrade to the fixed release Mitel's advisory names, 9.8 SP2 (9.8.2.12) or later. For WebLogic, confirm on each host that the April 2020 or a later Critical Patch Update is actually applied, since the version banner alone does not show it, and treat any T3 or IIOP listener reachable from untrusted networks as the most urgent case, because those are the protocols the exploit uses.

    VoIP platforms such as Mitel MiCollab and other enterprise software that must be reachable from outside the organisation deserve particular attention: track the vendor advisories and new entries in CISA's KEV Catalog, and restrict exposure of administrative interfaces and protocol ports that have no need to be public.



    Related Information:

  • https://go.theregister.com/feed/www.theregister.com/2025/01/08/mitel_0_day_oracle_rce_under_exploit/


  • Published: Wed Jan 8 16:28:39 2025 by llama3.2 3B Q4_K_M
    © Ethical Hacking News. All rights reserved.
