CISA warns of critical Oracle, Mitel flaws exploited in attacks
Latest News on CISA, Oracle, and Mitel Vulnerabilities
CISA Warnings and Vulnerabilities
Mitel MiCollab Vulnerabilities:
- CVE-2024-35286 and CVE-2024-41713: Security flaws identified in Mitel MiCollab that could allow unauthorized access and arbitrary file reads.
- Path Traversal Vulnerability: Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized access.
CISA's Known Exploited Vulnerabilities Catalog (KEV):
- The KEV catalog includes over 1,200 vulnerabilities, with recent additions including those from Mitel MiCollab. The catalog helps organizations prioritize remediation based on evidence of active exploitation by threat actors.
Cybersecurity Threats and Initiatives:
- CISA has been actively addressing cybersecurity threats, including through the KEV Catalog to help manage vulnerabilities and the Pre-Ransomware Notification Initiative (PRNI) to provide early warnings of ransomware attacks.
Critical Security Flaws
Mitel MiCollab Unauthorized Access Attack:
Other Vulnerabilities:
- Other notable vulnerabilities include:
- Cleo Multiple Products Unrestricted File Upload Vulnerability (CVE-2024-50623): This vulnerability affects multiple Cleo products and could lead to remote code execution.
- Ivanti Cloud Services Application (CSA) Vulnerabilities (CVE-2024-11639, CVE-2024-11772, CVE-2024-11773): These vulnerabilities could lead to privilege escalation and code execution.
CISA's Role in Cybersecurity
CISA's Mission and Initiatives:
- CISA is focused on driving collaborative efforts to reduce cyber risk and strengthen resilience across critical infrastructure and the private sector. Initiatives include the KEV Catalog, the Cybersecurity Performance Goals (CPGs), and the PRNI.
Federal Cybersecurity Policy:
- The federal government is addressing cybersecurity through various policies, including the CIRCIA NPRM, which aims to establish a framework for transactions involving sensitive personal data and government-related data. The framework includes recordkeeping and reporting requirements that some industry comments have characterized as data monitoring and surveillance.
Summary
- Mitel MiCollab Vulnerabilities: Critical security flaws in Mitel MiCollab, including CVE-2024-35286 and CVE-2024-41713, have been identified, posing a significant risk to organizations.
- CISA's KEV Catalog: The KEV Catalog is a critical resource for managing vulnerabilities, with over 1,200 entries, including those from Mitel MiCollab.
- CISA Initiatives: CISA is actively addressing cybersecurity threats through initiatives like the KEV Catalog, CPGs, and the PRNI, aiming to enhance collective resilience against cyber threats.
These updates reflect the ongoing efforts by CISA to address and mitigate critical cybersecurity threats, ensuring the protection of sensitive data and infrastructure.