Security advisories | Oct 28, 2020
Critical Oracle Remote Code Execution Vulnerability
THE THREAT
Technical details of the Oracle Remote Code Execution (RCE) vulnerability CVE-2020-14882 were publicly released on October 28, 2020 [1]. This vulnerability affects multiple versions of the Oracle WebLogic Server. Exploitation of CVE-2020-14882 is considered trivial and can result in the full takeover of vulnerable Oracle WebLogic Servers.
eSentire assesses with high confidence that public exploitation of CVE-2020-14882 by threat actors is imminent. Organizations are strongly recommended to apply the official security patches as soon as possible.
What we’re doing about it
- MVS has a local plugin to identify this vulnerability
- Successful authenticated scans against Oracle WebLogic servers since October 22nd, 2020, would have highlighted this vulnerability - for assistance or confirmation, please contact your MVS consultant or the eSentire Security Operations Center (SOC)
- eSentire security teams continue to track this topic for detection opportunities and the release of Proof-of-Concept (PoC) exploit code
What you should do about it
- After performing a business impact review, apply the official security patches [2]
Additional information
CVE-2020-14882 received a base criticality rating of 9.8 out of 10.
The vulnerability resides in the Oracle WebLogic Server product of Oracle Fusion Middleware. In order to exploit CVE-2020-14882, a threat actor requires network access via HTTP. Exploitation is achieved via a malicious POST request.
The Oracle patch release of October 21st also addressed multiple other critical vulnerabilities. Other vulnerabilities of specific note include CVE-2020-14841, CVE-2020-14825, and CVE-2020-14859. Organizations are recommended to ensure that all Oracle systems are up to date with the most recent security updates.
Affected Oracle Versions:
- 10.3.6.0.0
- 12.1.3.0.0
- 12.2.1.3.0
- 12.2.1.4.0
- 14.1.1.0.0
References: