Attacker Value

Very High

(1 user assessed)

Exploitability

Very High

(1 user assessed)

User Interaction

CVE-2020-2551

Disclosure Date: January 15, 2020 •

CVE-2020-2551 CVSS v3 Base Score: 9.8

Exploited in the Wild

Reported by ccondon-r7 and 1 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Discovery

Techniques

Validation

System Service Discovery

Validated

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Add Assessment

busterb (321)

January 21, 2020 3:47pm UTC (4 years ago)•Edited 7 months ago

Ratings

Attacker Value

Very High

Exploitability

Very High

Technical Analysis

Based on other WebLogic vulnerabilities and the rich ecosystem of offensive tools against it, I have a good idea this will be useful without doing a whole lot of specific research. Mitigation strength is place at medium simply because WebLogic is a rich target, and extra care will need to be made by the user to ensure that awareness of future vulnerabilities and health of an installation is closely monitored.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

oracle

Products

weblogic server 10.3.6.0.0,
weblogic server 12.1.3.0.0,
weblogic server 12.2.1.3.0,
weblogic server 12.2.1.4.0

Exploited in the Wild

Reported by:

ccondon-r7 indicated source as Government or Industry Alert

Reported: August 30, 2023 12:49am UTC (7 months ago)

inokii indicated sources as

Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
Other: CISA Gov Alert (https://www.cisa.gov/news-events/alerts/2023/11/16/cisa-adds-three-known-exploited-vulnerabilities-catalog)

Reported: November 23, 2023 5:34am UTC (4 months ago)

References

Canonical

CVE-2020-2551 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2551)

Exploit

The following exploit POCs have not been verified by Rapid7 researchers, but are sourced from: nomi-sec/PoC-in-GitHub.
Additional sources will be added here as they become relevant.
Notes: We will only add the top 3 POCs for a given CVE. POCs added here must have at least 2 GitHub stars.

Exploit (https://github.com/hktalent/CVE-2020-2551)

Miscellaneous

https://www.oracle.com/security-alerts/cpujan2020.html

Rapid7

Very High

CVE-2020-2551

Very High

Very High

None

None

Network

CVE-2020-2551

Description