What is the attack?A threat actor known as “8220 Gang” is seen exploiting two vulnerabilities in the Oracle WebLogic server: CVE-2017-3506, which allows remote OS command execution, and CVE-2023-21839 is an insecure deserialization vulnerability. CISA recently added the Oracle WebLogic flaw tracked as CVE-2017-3506 to its known exploited vulnerabilities catalog on 3 June 2023.What is the recommended Mitigation?Apply the most recent patch released by Oracle. In the advisory, Oracle mentioned that they continue to receive reports of exploitation attempts.What FortiGuard Coverage is available?FortiGuard customers remain protected by the IPS signatures available for both vulnerabilities. FortiGuard Outbreak Alert is available to review for full coverage and the FortiGuard Incident Response team can be engaged to help with any suspected compromise.
Oracle WebLogic Server Vulnerabilities (CVE-2023-21839, CVE-2017-3506)
Read Time:39 Second