CISA Flags Critical Flaw in Oracle WebLogic Server Amid Active Exploitation

Jun 4, 2024 | News


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a security flaw affecting the Oracle WebLogic Server. This flaw, now added to the Known Exploited Vulnerabilities (KEV) catalog, is under active exploitation.

Vulnerability Overview: CVE-2017-3506

Tracked as CVE-2017-3506, the vulnerability carries a CVSS score of 7.4, placing it in the high-severity range. It is an operating system (OS) command injection flaw that could allow attackers to gain unauthorized access to vulnerable servers and take full control of them.

Technical Details and Impact

“Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability. This flaw allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document,” CISA explained.


Exploitation by the 8220 Gang

Although CISA did not specify the nature of the attacks exploiting this vulnerability, the China-based cryptojacking group 8220 Gang (also known as Water Sigbin) is known to have been exploiting the flaw since early last year. The group targets unpatched devices to incorporate them into a crypto-mining botnet.

Recent Trends in Exploitation

A recent report by Trend Micro highlights that the 8220 Gang has been leveraging vulnerabilities in Oracle WebLogic Server, including CVE-2017-3506 and CVE-2023-21839, to launch a cryptocurrency miner filelessly in memory. This is achieved using shell or PowerShell scripts, depending on the operating system targeted.

Sophisticated Techniques Used by Attackers

“The gang employed obfuscation techniques, such as hexadecimal encoding of URLs and using HTTP over port 443, allowing for stealthy payload delivery,” security researcher Sunil Bharti noted. “The PowerShell script and the resulting batch file involved complex encoding, using environment variables to hide malicious code within seemingly benign script components.”
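The two passages above describe what a defender can actually look for: a fileless miner launched through shell or PowerShell scripts, URLs hidden behind hexadecimal encoding, plain HTTP sent to port 443, and command lines assembled from environment variables. The following is an added example, not code from the article, from Trend Micro, or from the researcher quoted; it scores command lines against exactly those indicators. The sample command lines are constructed for the example (the host example.test is a placeholder), and the thresholds and finding names are the example's own choices, not anything published about the group.

```python
import re
from typing import Dict, List

# Runs of at least four hex escapes in either "\x68" or percent-encoded "%68" form.
HEX_RUN_RE = re.compile(r'(?:(?:\\x|%)[0-9A-Fa-f]{2}){4,}')
# Environment-variable references in PowerShell ($env:NAME) and batch (%NAME%) syntax.
ENV_REF_RE = re.compile(r'\$env:[A-Za-z_][A-Za-z0-9_]*|%[A-Za-z_][A-Za-z0-9_]*%')
# Two batch variables glued together (%a%%b%) or two $env: values concatenated with "+".
ENV_CONCAT_RE = re.compile(r'%[A-Za-z_]\w*%%[A-Za-z_]\w*%|\$env:\w+\s*\+\s*\$env:\w+')
# A plain-HTTP URL whose port is 443: TLS is expected there, cleartext is not.
HTTP_ON_443_RE = re.compile(r'http://[^\s/"\']+:443(?:[/\s"\']|$)')


def decode_hex_runs(text: str) -> List[str]:
    """Decode every run of hex escapes that yields printable ASCII.

    Runs that decode to non-ASCII bytes (ordinary percent-encoded UTF-8 in a
    URL, for instance) are skipped so they do not produce false positives.
    """
    decoded = []
    for match in HEX_RUN_RE.finditer(text):
        raw = bytes.fromhex(re.sub(r'\\x|%', '', match.group(0)))
        try:
            text_out = raw.decode('ascii')
        except UnicodeDecodeError:
            continue
        if text_out.isprintable():
            decoded.append(text_out)
    return decoded


def analyze_command(cmd: str) -> Dict[str, object]:
    """Return decoded hex strings, the indicators found, and an overall verdict."""
    findings = []
    decoded = decode_hex_runs(cmd)
    # Look for URLs both in the raw command line and in what the hex runs decode to.
    visible = cmd + ' ' + ' '.join(decoded)

    if any(re.search(r'https?://', s) for s in decoded):
        findings.append('hex_encoded_url')
    if HTTP_ON_443_RE.search(visible):
        findings.append('plain_http_on_443')
    # Threshold of three references is this example's choice, not a published rule.
    if len(ENV_REF_RE.findall(cmd)) >= 3:
        findings.append('env_var_assembly')
    if ENV_CONCAT_RE.search(cmd):
        findings.append('env_var_concatenation')

    return {
        'decoded': decoded,
        'findings': findings,
        # Two independent indicators are required before a line is called suspicious.
        'suspicious': len(findings) >= 2,
    }


# Constructed sample command lines for the example; none is a real observed artifact.
SAMPLE_COMMANDS = [
    # Batch file that assembles "powershell" from two variables and hides the URL in hex.
    r"set p=pow&set q=ershell& %p%%q% -nop -c $u='\x68\x74\x74\x70\x3a\x2f\x2f"
    r"\x65\x78\x61\x6d\x70\x6c\x65\x2e\x74\x65\x73\x74\x3a\x34\x34\x33\x2f\x6d\x2e\x70\x73\x31'",
    # Ordinary administrative PowerShell: one environment variable, nothing encoded.
    "powershell -NoProfile -Command Get-ChildItem $env:ProgramFiles",
    # Legitimate percent-encoded UTF-8 in a URL: decodes to non-ASCII, so it is ignored.
    "curl https://example.test/search?q=%C3%A9%C3%A9",
    # Cleartext HTTP to port 443 with no other indicator: reported, but not yet suspicious.
    "curl http://example.test:443/update.txt",
]


def main() -> None:
    for cmd in SAMPLE_COMMANDS:
        result = analyze_command(cmd)
        print(f"suspicious={result['suspicious']!s:5} findings={result['findings']} "
              f"decoded={result['decoded']}")


if __name__ == '__main__':
    main()
```

The decoder deliberately throws away hex runs that do not produce printable ASCII, which is how it separates a hidden `http://` string from the percent-encoded UTF-8 that appears in legitimate URLs; the same split would be the first thing to tune when running this over real process-creation or script-block logs.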

Urgent Mitigation Measures

In response to the active exploitation of CVE-2017-3506, CISA recommends that federal agencies apply the latest patches by June 24, 2024, to safeguard their networks against potential threats.


Source: thehackernews.com
