The Pakistan Telecommunication Authority (PTA) has issued a security alert about a vulnerability being actively exploited in Oracle WebLogic Server.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that hackers are exploiting a serious operating system (OS) command injection flaw, tracked as CVE-2017-3506. The vulnerability lets attackers run unauthorized code by sending malicious HTTP requests that contain specially crafted XML documents.
Rated 7.4 on the Common Vulnerability Scoring System (CVSS), this flaw has been previously exploited by the cryptojacking group 8220 Gang to create botnets for cryptocurrency mining.
The alert specifies that several Oracle WebLogic Server versions—10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, and 12.2.1.2—are affected by this Remote Code Execution (RCE) vulnerability, which allows attackers to remotely access systems. PTA has advised organizations using WebLogic Server to strengthen their security defenses.
PTA strongly recommends that users of affected versions immediately install the latest patches and updates to protect their networks. Users should also monitor their systems for unusual activity, which may signal an attempt to exploit the flaw. Enabling multi-factor authentication (MFA) is encouraged to enhance login security and prevent unauthorized access.
The advisory also suggests using network segmentation to contain and isolate potential threats, reducing the risk to critical systems. Organizations are urged to adopt a proactive approach to patch management to ensure security updates are applied promptly across all systems and software.