The Pakistan Telecommunication Authority (PTA) has issued a critical cybersecurity advisory regarding a vulnerability in Oracle WebLogic Server, which is being actively exploited by cyber attackers.
The alert follows a recent report from the US Cybersecurity and Infrastructure Security Agency (CISA), which disclosed that attackers are exploiting a serious OS command injection vulnerability, CVE-2017-3506. By sending specially crafted HTTP requests that contain malicious XML documents, attackers can exploit this vulnerability to execute arbitrary code. The cryptojacking group 8220 Gang has previously exploited the vulnerability, which has a CVSS score of 7.4, to build botnets for cryptocurrency mining.
The vulnerability affects several versions of Oracle WebLogic Server, including 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, and 12.2.1.2. It is classified as a Remote Code Execution (RCE) threat that could enable attackers to compromise systems remotely, presenting a substantial risk to organizations that have not implemented the requisite security policies.
PTA has advised organizations that are utilizing these affected versions of WebLogic Server to promptly implement the most recent upgrades and updates to protect their systems. The advisory also recommends that administrators monitor their systems for any indications of anomalous activity that could suggest an attempt to exploit the vulnerability.
To strengthen security, PTA suggests implementing multi-factor authentication (MFA) to improve account protection and prevent unauthorized access. The advisory also underscores the significance of network segmentation to contain potential attacks and limit their effect on critical systems. Additionally, organizations are advised to implement a proactive patch management strategy so that all systems receive timely updates.
PTA has underscored the importance of these measures for protecting against potential cybercriminal exploits. The authority has advised affected entities to promptly report incidents through the CERT Portal or by email in the event of a security breach.
The PTA’s advisory is a timely reminder for businesses and organizations to strengthen their cybersecurity defenses as cyber threats continue to evolve.