Overview
The Critical Patch Update (CPU) for October 2020 released by Oracle contains a high-risk WebLogic Console remote code execution vulnerability (CVE-2020-14882).
The vulnerability can be triggered without authentication and has an extensive impact.
Unauthenticated attackers can send specially crafted HTTP GET requests that exploit this vulnerability to execute arbitrary code on the affected WebLogic Server.
According to Oracle, the CVSS base score of this vulnerability is 9.8.
For details about the Oracle CPU, please visit the following link:
Affected Versions
- Oracle Weblogic Server 10.3.6.0.0
- Oracle Weblogic Server 12.1.3.0.0
- Oracle Weblogic Server 12.2.1.3.0
- Oracle Weblogic Server 12.2.1.4.0
- Oracle Weblogic Server 14.1.1.0.0
Technical Solutions
Official Fix
The Oracle CPU has released patches to fix the preceding vulnerability. Affected users are advised to download and install the patches as soon as possible.
Note: Official patches of Oracle can be downloaded only by those with a licensed account of the software. Such users can use that account to log in to https://support.oracle.com to obtain the latest patches.
NSFOCUS’s Recommendations
- Using NSFOCUS’s Detection Products or Services
For intranet assets, use NSFOCUS Intrusion Detection System (NIDS) and Unified Threat Sensor (UTS) to check for the vulnerability:
- NSFOCUS Intrusion Detection System (NIDS)
- Upgrade Package/Rule Base Versions of Detection Products
| Detection Product | Upgrade Package/Rule Base Version |
| --- | --- |
| IDS | 5.6.10.23802, 5.6.9.23802 |
| UTS | 5.6.10.23802 |
- NIDS upgrade package download link:
5.6.10.23802
5.6.9.23802
- UTS upgrade package download link:
- Using NSFOCUS’s Protection Products to Detect the Vulnerability
Use NSFOCUS protection products, such as NSFOCUS Intrusion Protection System (NIPS), Web Application Firewall (WAF), and Next-Generation Firewall (NF), to defend against the vulnerability.
- NSFOCUS Intrusion Protection System (NIPS)
- Web Application Firewall (WAF)
- Next-Generation Firewall (NF)
- Upgrade Package/Rule Base Versions of Protection Products
| Protection Product | Upgrade Package/Rule Base Version | Rule ID |
| --- | --- | --- |
| IPS | 5.6.10.23802, 5.6.9.23802 | 25079 |
| WAF | 6.0.7.1.46624, 6.0.7.0.46624 | 27526197 |
| NF | 6.0.2.832, 6.0.1.832 | 25079 |
- NIPS upgrade package download link:
5.6.10.23802
5.6.9.23802
- WAF upgrade package download link:
6.0.7.1.46624
6.0.7.0.46624
- NF upgrade package download link:
6.0.2.832
6.0.1.832
- Security Platforms
| Platform | Upgrade Package/Rule Base Version |
| --- | --- |
| NSFOCUS Intelligent Security Operation Platform (ISOP) | Alerts have been generated for the vulnerability. |
| NSFOCUS Threat Analysis and Management Platform (TAM) | Rules are available to protect against the vulnerability. |
Appendix A: Product Use Guides
- Protection Configuration on NIPS
On NIPS, under System > System Update > Offline Update, browse to the update file just downloaded and click Upload.
After the update is installed, find the rule by ID in the default rule base and view rule details.
Note: After the update is installed, the engine automatically restarts to make it take effect, which does not disconnect any sessions, but may cause the loss of three to five packets during ping operations. Therefore, it is recommended that the update be installed at an appropriate time.
- Protection Configuration on WAF
On WAF, choose System Management > System Tools > Rule Upgrade.
Under Manual Upgrade, browse to the upgrade package and click Submit.
- Protection Configuration on NF
On the web-based manager of NSFOCUS NF, under System > System Upgrade > Offline Upgrade, browse to the update file and click Upload.
Wait for the installation to complete.
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in the insurance, retail, healthcare and critical infrastructure industries, as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries and is a member of both the Microsoft Active Protections Program (MAPP) and the Cloud Security Alliance (CSA).
A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.