PTA sounds cyber alert for Oracle WebLogic Server vulnerability

Classified as a Remote Code Execution threat, Oracle WebLogic Server flaw allows attackers to remotely hack systems
An undated image of Oracle. — iStock

The Pakistan Telecommunication Authority (PTA) has sounded a cybersecurity alarm about an Oracle WebLogic Server vulnerability that malicious actors are actively exploiting.

The advisory follows a report by the US Cybersecurity and Infrastructure Security Agency (CISA) that hackers are exploiting a critical OS command injection flaw tracked as CVE-2017-3506.

The flaw enables attackers to execute arbitrary code by sending meticulously crafted HTTP requests containing malicious XML documents.

Rated at a CVSS score of 7.4, the vulnerability has also been exploited earlier by the cryptojacking group 8220 Gang to create botnets that mine cryptocurrency.

According to the PTA advisory, the flaw affects several versions of Oracle WebLogic Server, including 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, and 12.2.1.2. The advisory urges organisations that rely on WebLogic Server to strengthen their cybersecurity measures.

Classified as a Remote Code Execution threat, the flaw also allows attackers to take control of systems remotely.

Firms using the affected Oracle WebLogic Server versions are advised to immediately apply the latest patches and upgrades to protect their systems.

Other recommendations in the advisory include monitoring systems for any unusual activity, which may be a sign of an attempt to exploit the vulnerability.

The telecom regulator also stressed implementing multi-factor authentication (MFA) to add a layer of login security, which it described as essential to mitigating the risks associated with compromised access.