The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a pair of path traversal flaws impacting Mitel's MiCollab platform and a five-year-old Oracle WebLogic Server issue, according to SC Media.
Sarah Jones, cyber threat intelligence research analyst at Critical Start, said the more severe of the Mitel MiCollab issues is the critical vulnerability tracked as CVE-2024-41713, which Jones said attackers could leverage to facilitate data and system compromise, as well as lateral movement, without the need for authentication. Jones added that the medium-severity flaw, tracked as CVE-2024-55550, could be exploited to target sensitive local files.
Significant risks with the old Oracle WebLogic Server bug, tracked as CVE-2020-2883, continue as attackers could abuse the vulnerability alongside the Internet Inter-ORB Protocol (IIOP) or T3 protocols to allow total server compromise, said Jones.
Jones added that defending systems against the flaws recently added to the KEV catalog requires the immediate remediation of impacted Mitel MiCollab instances and the implementation of Web Application Firewall rules, as well as the monitoring of potentially vulnerable Oracle WebLogic Servers.
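As an added illustration of the monitoring and WAF-rule advice above (this is example code written for this page, not code from CISA, Mitel, Oracle, Critical Start or SC Media, and it does not reference any product-specific endpoint), the following Python scanner reads web-server access-log lines in Common Log Format, repeatedly URL-decodes each request path so that single- and double-encoded `../` sequences collapse to their plain form, and flags the requests that contain a directory-traversal segment. The log lines are constructed samples; the addresses are from documentation ranges.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format (not from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [09/Jan/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.5 - - [09/Jan/2025:10:00:02 +0000] "GET /files/../../etc/passwd HTTP/1.1" 403 0
198.51.100.7 - - [09/Jan/2025:10:00:03 +0000] "GET /files/%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 403 0
198.51.100.7 - - [09/Jan/2025:10:00:04 +0000] "GET /files/..%252f..%252fetc/hosts HTTP/1.1" 200 120
192.0.2.9 - - [09/Jan/2025:10:00:05 +0000] "GET /docs/report..pdf HTTP/1.1" 200 9000
"""

# Fields of a Common Log Format line that we need: client IP, timestamp, method, path, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# A traversal segment is ".." standing alone between separators (or at either end).
# "report..pdf" must not match, so the dots must be bounded by "/" or the string edge.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def normalize_path(path: str, rounds: int = 3) -> str:
    """URL-decode until the path stops changing (bounded), then unify separators.

    Decoding more than once is what makes double-encoded sequences such as
    "..%252f" (which decodes to "..%2f" and then to "../") visible to the check.
    """
    decoded = path
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True if the normalized request path contains a directory-traversal segment."""
    return TRAVERSAL_RE.search(normalize_path(path)) is not None


def scan_log(text: str) -> list:
    """Return one record per request whose path contains a traversal segment.

    The HTTP status is kept so that a reviewer can separate requests the server
    rejected (4xx) from those it served (2xx), which deserve the closest look.
    """
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if is_traversal(m["path"]):
            hits.append({
                "ip": m["ip"],
                "timestamp": m["ts"],
                "path": m["path"],
                "normalized": normalize_path(m["path"]),
                "status": int(m["status"]),
                "served": m["status"].startswith("2"),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        flag = "SERVED" if hit["served"] else "blocked"
        print(f'{hit["timestamp"]} {hit["ip"]} {flag} {hit["path"]} -> {hit["normalized"]}')
```

Run against a real access log by feeding the file contents to `scan_log`; the records with `served` set are the ones where a traversal-shaped request received a 2xx response and should be checked first. The same decode-then-match logic is what a WAF rule for this class of flaw has to perform, since a rule that inspects only the raw, still-encoded path is bypassed by the encoded variants in the sample.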