The Pakistan Telecommunication Authority (PTA) has issued a security warning concerning a vulnerability currently being exploited in Oracle WebLogic Server.
The US Cybersecurity and Infrastructure Security Agency (CISA) recently pointed out that cybercriminals are taking advantage of a severe OS command injection weakness, identified as CVE-2017-3506. This flaw allows malicious actors to execute arbitrary code by submitting harmful HTTP requests with specially crafted XML files.
With a CVSS rating of 7.4, this vulnerability has previously been leveraged by the cryptojacking group 8220 Gang to establish botnets for digital currency mining.
The notification specifies that multiple versions of Oracle WebLogic Server, such as 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, and 12.2.1.2, are vulnerable to this defect. Labeled as a Remote Code Execution (RCE) threat, it enables attackers to potentially breach systems from a distance. This critical advisory highlights the need for organizations utilizing WebLogic Server to enhance their cybersecurity defenses.
PTA urges users of affected Oracle WebLogic Server versions to quickly apply the most recent patches and updates to secure their networks. Other recommendations include keeping an eye on systems for abnormal activity, which may suggest an effort to exploit the flaw. PTA also emphasizes the need for enabling multi-factor authentication (MFA) to boost login security and reduce the chances of unauthorized access.
The advisory further proposes implementing network segmentation to contain and isolate potential threats, limiting their effects on vital systems. Organizations are also advised to adopt a proactive patch management approach to ensure timely deployment of security fixes across all systems and software.