Security News > 2020 > November > Critical bug actively used to deploy Cobalt Strike on Oracle servers
Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons, which allow for persistent remote access to compromised devices.
Cobalt Strike is a legitimate penetration testing tool also used by threat actors in post-exploitation tasks and to deploy so-called beacons that enable them to gain persistent remote access.
Oracle patched the CVE-2020-14882 remote code execution flaw during last month's Critical Patch Update, and attackers were using it to scan for exposed WebLogic servers one week later.
Attackers are using a chain of base64-encoded PowerShell scripts to download and install Cobalt Strike payloads on unpatched Oracle WebLogic servers.
Cybersecurity firm Spyse, which operates an IT infrastructure search engine, discovered over 3,300 exposed Oracle WebLogic servers potentially vulnerable to CVE-2020-14882 exploits.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 0.0 |