The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows –
It’s worth noting that CVE-2024-41713 could be chained with CVE-2024-55550 to permit an unauthenticated, remote attacker to read arbitrary files on the server.
Details about the twin flaws emerged last month following a report from WatchTowr Labs, which discovered the issues as part of its efforts to replicate another critical bug in Mitel MiCollab (CVE-2024-35286, CVSS score: 9.8) that was patched in May 2024.
As for CVE-2020-2883, Oracle warned in late April 2020 that it had received “reports of attempts to maliciously exploit a number of recently-patched vulnerabilities, including vulnerability CVE-2020-2883.”
There are currently no details available on how the aforementioned flaws are exploited in real-world attacks, who may be exploiting them, or the targets of these activities.
Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by January 28, 2025, to secure their networks.
