The Pakistan Telecommunication Authority (PTA) has issued a cybersecurity advisory regarding a critical vulnerability in Oracle WebLogic Server that is being actively exploited. The vulnerability, identified as CVE-2017-3506, allows attackers to execute arbitrary code by sending crafted HTTP requests containing malicious XML documents. This flaw, with a CVSS score of 7.4, has been used by the 8220 Gang cryptojacking group to create botnets for cryptocurrency mining.
The vulnerability affects multiple versions of Oracle WebLogic Server, including versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, and 12.2.1.2. This issue is classified as a Remote Code Execution (RCE) threat, which allows attackers to compromise systems remotely.
In response, the PTA has recommended that organizations using affected WebLogic Server versions apply the latest security patches and upgrades immediately. It also advises monitoring systems for unusual activity that could indicate exploitation attempts, and implementing multi-factor authentication (MFA) to secure logins.
Additional measures include network segmentation to isolate threats and reduce potential impact, as well as establishing a proactive patch management process to ensure timely updates. The PTA also urges organizations to report any security incidents through its CERT Portal or via email for assistance.