Oracle WebLogic Server Vulnerabilities (CVE-2023-21839, CVE-2017-3506)

Description

What is the attack?

A threat actor known as Water Sigbin (aka the 8220 Gang) has been observed exploiting two vulnerabilities in Oracle WebLogic Server: CVE-2017-3506, which allows remote OS command execution, and CVE-2023-21839, an insecure deserialization vulnerability. CISA recently added the Oracle WebLogic flaw tracked as CVE-2017-3506 to its Known Exploited Vulnerabilities catalog on 3 June 2023.

What is the recommended mitigation?

Apply the most recent patch released by Oracle. In its advisory, Oracle mentioned that it continues to receive reports of exploitation attempts.

What FortiGuard Coverage is available?

  • FortiGuard customers remain protected by the IPS signatures available for both vulnerabilities.

  • A FortiGuard Outbreak Alert is available to review the full coverage.

  • The FortiGuard Incident Response team can be engaged to help with any suspected compromise.