Hackers are scanning the Internet for machines that have yet to patch a recently disclosed flaw that force Oracle’s WebLogic server to execute malicious code, a researcher warned Wednesday night.
Johannes Ullrich, dean of research at the SANS Technology Institute, said his organization’s honeypots had detected Internetwide scans that probe for vulnerable servers. CVE-2020-14882, as the vulnerability is tracked, has a severity rating of 9.8 out of 10 on the CVSS scale. Oracle’s October advisory accompanying a patch said exploits are low in complexity and require low privileges and no user interaction.
“At this point, we are seeing the scans slow down a bit,” Ullrich wrote in a post. “But they have reached ‘saturation’ meaning that all IPv4 addresses have been scanned for this vulnerability. If you find a vulnerable server in your network: Assume it has been compromised.”