Full Report
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker
Analysis Summary
# Vulnerability: Critical Flaws in Mitel MiCollab and Oracle WebLogic Server Under Active Exploitation
## CVE Details
- CVE-2024-41713
  - CVSS Score: 9.1 (Critical)
  - CWE: Path Traversal
- CVE-2024-55550
  - CVSS Score: 4.4 (Low/Medium)
  - CWE: Path Traversal
- CVE-2020-2883
  - CVSS Score: 9.8 (Critical)
  - CWE: Not specified
## Affected Systems
- Products: Mitel MiCollab (for CVE-2024-41713 and CVE-2024-55550), Oracle WebLogic Server (for CVE-2020-2883).
- Versions: Specific vulnerable versions are not listed in the summary; the existence of patches implies that unpatched releases are at risk.
- Configurations: CVE-2020-2883 is exploitable via IIOP or T3 network access.
## Vulnerability Description
**CVE-2024-41713 (Mitel MiCollab):** A path traversal vulnerability that allows an unauthenticated attacker to gain unauthorized access to the system.
**CVE-2024-55550 (Mitel MiCollab):** A path traversal vulnerability, requiring administrative privileges, that allows an authenticated attacker to read local files due to insufficient input sanitization.
**Chaining Potential:** CVE-2024-41713 can be chained with CVE-2024-55550 to allow an unauthenticated, remote attacker to read arbitrary files on the server.
**CVE-2020-2883 (Oracle WebLogic Server):** A remote code execution vulnerability that can be exploited by an unauthenticated attacker who has network access via the IIOP or T3 protocols.
## Exploitation
- Status: **Active exploitation** cited by CISA (for CVE-2024-41713, CVE-2024-55550, and CVE-2020-2883).
- Complexity: Varies (exploitation of CVE-2024-41713 is unauthenticated and remote).
- Attack Vector: Network (for all three vulnerabilities, especially CVE-2020-2883 over IIOP/T3).
## Impact
- Confidentiality: High (Arbitrary file read possible via chaining Mitel flaws; potential information disclosure from RCE/access from Oracle flaw).
- Integrity: High (Potential for unauthorized access or data manipulation based on access gained).
- Availability: Potential Impact (Depends on the specific exploitation path taken).
## Remediation
### Patches
- Patches are implied to be available for all three vulnerabilities, particularly since CISA added them to the KEV catalog. (Note: the summary does not list specific patch versions; consult the vendor advisories.)
- **CVE-2020-2883:** Patched in the April 2020 Critical Patch Update (CPU).
- **CVE-2024-35286 (Related Mitel flaw):** Patched in May 2024.
### Workarounds
- No specific workarounds are detailed in the summary provided.
## Detection
- CISA has included these flaws in its KEV catalog, requiring mandatory remediation by FCEB agencies by **January 28, 2025**.
- Detection methods should focus on monitoring IIOP/T3 network traffic to WebLogic Server and unusual file-access patterns on MiCollab instances.
- No specific Indicators of Compromise (IOCs) are detailed in this summary.
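An added example of the file-access monitoring suggested above, not code from the advisory or from either vendor: a Python pass over constructed web-server access-log lines that normalizes each request path and flags parent-directory traversal, including percent-encoded and double-encoded forms. The combined-log format and the MiCollab request paths are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache/nginx combined-log style); the
# MiCollab request paths below are placeholders, not the product's real routes.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Jan/2025:10:01:02 +0000] "GET /portal/index.html HTTP/1.1" 200 512
203.0.113.9 - - [07/Jan/2025:10:01:05 +0000] "GET /portal/../../etc/passwd HTTP/1.1" 200 1846
203.0.113.9 - - [07/Jan/2025:10:01:06 +0000] "GET /portal/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 221
203.0.113.9 - - [07/Jan/2025:10:01:07 +0000] "GET /portal/%252e%252e/config.xml HTTP/1.1" 200 734
198.51.100.4 - - [07/Jan/2025:10:02:00 +0000] "POST /portal/api/login HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_path(raw, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding), unify slashes,
    and drop ;-delimited path parameters that servlet containers ignore
    when routing, so the check sees the path the server will act on."""
    path = raw.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    return [seg.split(";", 1)[0] for seg in path.split("/")]


def is_traversal(raw):
    """True if any normalized path segment is a parent-directory reference."""
    return ".." in normalize_path(raw)


def find_traversal_attempts(log_text):
    """Return (ip, path, status) for each request whose path traverses upward;
    a 2xx status on such a request deserves the most urgent triage."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal(m["path"]):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, path, status in find_traversal_attempts(SAMPLE_LOG):
        print(f"{ip} {status} {path}")
```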
## References
- CISA KEV Catalog Addition: hxxps://www.cisa.gov/news-events/alerts/2025/01/07/cisa-adds-three-known-exploited-vulnerabilities-catalog
- Oracle CPU Advisory for CVE-2020-2883: hxxps://www.oracle.com/security-alerts/cpuapr2020.html
- Previous Mitel Advisory Context (CVE-2024-35286): hxxps://thehackernews.com/2024/12/critical-mitel-micollab-flaw-exposes.html
- CVE-2024-41713: hxxps://www.cve.org/CVERecord?id=CVE-2024-41713
- CVE-2024-55550: hxxps://www.cve.org/CVERecord?id=CVE-2024-55550
- CVE-2020-2883: hxxps://www.cve.org/CVERecord?id=CVE-2020-2883