Security advisories | Oct 28, 2020

Critical Oracle Remote Code Execution Vulnerability

THE THREAT

Technical details of the Oracle Remote Code Execution (RCE) vulnerability CVE-2020-14882 were publicly released on October 28, 2020 [1]. This vulnerability affects multiple versions of the Oracle WebLogic Server. Exploitation of CVE-2020-14882 is considered trivial and can result in the full takeover of vulnerable Oracle WebLogic Servers.

eSentire assesses with high confidence that public exploitation of CVE-2020-14882 by threat actors is imminent. Organizations are strongly recommended to apply the official security patches as soon as possible.

What we’re doing about it

  • MVS has a local plugin to identify this vulnerability
    • Successful authenticated scans against Oracle WebLogic servers performed since October 22nd, 2020, would have highlighted this vulnerability. For assistance or confirmation, please contact your MVS consultant or the eSentire Security Operations Center (SOC)
  • eSentire security teams continue to track this topic for detection opportunities and the release of Proof-of-Concept (PoC) exploit code

What you should do about it

  • After performing a business impact review, apply the official security patches [2]

Additional information

CVE-2020-14882 received a base criticality rating of 9.8 out of 10.

The vulnerability resides in the Oracle WebLogic Server product of Oracle Fusion Middleware. In order to exploit CVE-2020-14882, a threat actor requires network access via HTTP. Exploitation is achieved via a malicious POST request.

Oracle's October Critical Patch Update, released on October 21st, also addressed multiple other critical vulnerabilities. Other vulnerabilities of specific note include CVE-2020-14841, CVE-2020-14825, and CVE-2020-14859. Organizations are recommended to ensure that all Oracle systems are up to date with the most recent security updates.

Affected Oracle Versions:

  • 10.3.6.0.0
  • 12.1.3.0.0
  • 12.2.1.3.0
  • 12.2.1.4.0
  • 14.1.1.0.0

References:

[1] https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf

[2] https://www.oracle.com/security-alerts/cpuoct2020.html