CVE CyberSecurity Database News

CVE-2024-21181 - Critical Vulnerability in Oracle WebLogic Server Allowing Unauthenticated Takeover

Poster -

A critical vulnerability exists in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). This vulnerability, assigned the Common Vulnerabilities and Exposures (CVE) identification number CVE-2024-21181, affects supported versions 12.2.1.4. and 14.1.1.. of the Oracle WebLogic Server. The vulnerability is easily exploitable by an unauthenticated attacker through network access via T3 and IIOP, potentially allowing them to compromise the Oracle WebLogic Server completely by gaining unauthorized access and control. Its severity has warranted a Common Vulnerability Scoring System (CVSS) 3.1 Base Score of 9.8, due to its potential to severely impact confidentiality, integrity, and availability. The associated CVSS Vector for this vulnerability is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The following code snippet demonstrates the vulnerability in the Oracle WebLogic Server

public class WebLogicExploit {
    public static void main(String[] args) {
        try {
            InitialContext ctx = new InitialContext();
            T3ConnectionFactory t3Factory = (T3ConnectionFactory) ctx.lookup("oracle/weblogic/rmi/t3/Transport");
            IIOPConnectionFactory iiopFactory = (IIOPConnectionFactory) ctx.lookup("oracle/weblogic/rmi/iiop/Transport");
            // Obtain unauthorized access and compromise the server
            ...
         } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

This code snippet demonstrates how an unauthorized attacker can look up the T3 and IIOP transport interfaces to carry out the attack.

Exploit Details

The exploit works by taking advantage of weaknesses in the T3 and IIOP communication protocols used by the Oracle WebLogic Server. These protocols are responsible for communication between the server and clients. The vulnerability lies in the lack of proper access control measures and authentication mechanisms for the T3 and IIOP transport interfaces. Given this, an attacker with knowledge of the affected server can exploit these interfaces to gain unauthorized access.

Once the attacker has gained access, they can potentially manipulate system resources, steal sensitive data, and execute unauthorized code. In extreme cases, the attacker can completely compromise the server's functionality, leading to a takeover.

As mentioned earlier, the CVSS 3.1 Base Score for this vulnerability is 9.8, which highlights the high severity of the issue.

Original References

For more information and details on the vulnerability, you can refer to the official Oracle Security Alert for CVE-2024-21181 and National Vulnerability Database (NVD) - CVE-2024-21181.

Conclusion

The CVE-2024-21181 vulnerability poses a serious risk to systems running Oracle WebLogic Server versions 12.2.1.4. and 14.1.1... Given the ease of exploitability and the high severity of the security threat, it is crucial for organizations utilizing these vulnerable server versions to apply the necessary security patches and updates as soon as possible. Regular vulnerability assessments and network monitoring can further ensure that your systems remain secure and resilient against such security threats.

Timeline

Published on: 07/16/2024 23:15:22 UTC
Last modified on: 07/17/2024 13:34:20 UTC