The Hacker News, THN:515CD17353FD69BC2811599574546F0A
Jun 19, 2019 - 6:42 p.m.

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now

2019-06-19 18:42:00
The Hacker News
thehackernews.com

CVSS3: 9.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.976 High

  • Percentile: 100.0%

Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server.

According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by an unnamed group of attackers.

Oracle WebLogic is a Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services on the cloud, and it is popular across both cloud and conventional environments.

The reported vulnerability is a deserialization issue via XMLDecoder in Oracle WebLogic Server Web Services that could allow unauthorized remote attackers to execute arbitrary code on the targeted servers and take control over them.

“This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password,” the advisory said.

In a separate note, the company also revealed that the flaw is related to a previously known deserialization vulnerability (CVE-2019-2725) in Oracle WebLogic Server that it patched in April this year.

The previously patched RCE flaw in Oracle WebLogic was also exploited by attackers as a zero-day, i.e., to distribute Sodinokibi ransomware and cryptocurrency mining malware.

Reported independently by a separate group of individuals and organizations, the new vulnerability affects Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0.

Due to the severity of this vulnerability, the company has recommended that affected users and companies install the available security updates as soon as possible.

Other Important Security Updates from Oracle

Besides this, Cisco today also released several other software updates for various products that address some critical and high-severity vulnerabilities.

  • Cisco TelePresence — The software for this Cisco video conferencing system contains a high-severity vulnerability that could allow remote attackers to execute arbitrary shell commands or scripts on the targeted device just by sending crafted CDP packets to it.
  • Cisco SD-WAN Solution — The vManage web-based interface of Cisco's software-defined WAN solution contains three flaws, two of which have been rated high in severity and one critical. Two of these allow an attacker to elevate privileges to the root user, whereas one flaw could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.
  • Cisco Router Management Interface — Cisco’s RV110W, RV130W, and RV215W routers contain a denial-of-service vulnerability that could allow an unauthenticated attacker to cause a reload of an affected device. The product is also affected by a medium-severity issue that could expose the list of devices connected to the guest network to remote attackers.
