InfoSecBulletin Cybersecurity for mankind
CISA has urgent warnings for organizations regarding three security flaws in Mitel and Oracle systems that are currently being exploited. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities catalog and pose major risks to federal agencies and businesses.
Two vulnerabilities impact Mitel MiCollab, a widely used unified communications platform for businesses.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2024-41713 (CVSS 9.1): This vulnerability in critical path traversal lets attackers access MiCollab servers without authentication, risking sensitive information and possible administrative control.
CVE-2024-55550 (CVSS 4.4): This vulnerability requires admin privileges but lets attackers read local files on the MiCollab server. When combined with CVE-2024-41713, it increases the risk, allowing access to arbitrary files and system compromise.
Mitel urges users to upgrade to MiCollab 9.8 SP2 (9.8.2.12) or later to address vulnerabilities with released updates and patches.
The third vulnerability, CVE-2020-2883 (CVSS 9.8), affects Oracle WebLogic Server. This critical flaw enables unauthenticated attackers to take control of the server remotely, risking data breaches, service disruptions, and malware infections.
CISA has required all Federal Civilian Executive Branch agencies to fix this vulnerability by January 28, 2025, highlighting its urgency.
