Unauthenticated Remote Code Execution in IIOP protocol via Malicious JNDI Lookup.
Stroz Friedberg’s Cyber Solutions recently discovered a security vulnerability in WebLogic Server version v12.2.1.4 and below allowing for unauthenticated remote code execution. The vulnerability is present in the IIOP service that runs by default and listens on an external interface. This issue was discovered by Stefano Ciccone.
Stroz Friedberg would like to thank Oracle for working with us as part of our coordinated disclosure process.
CVE-2020-2551: Unauthenticated Remote Code Execution in IIOP protocol via Malicious JNDI Lookup
Using the WebLogic libraries, it is possible to create a payload that causes a remote IIOP server to initialize a Java object that invokes a JNDI lookup to an attacker-controlled server, leading to code execution.
Exploitation of malicious JNDI lookups can be achieved in several ways. References are provided below, including a tool that can be used to respond to JNDI lookups from vulnerable applications.
LevelBlue secures what's next with intelligence-led security delivering visibility and speed to stop threats faster. As the world’s largest and most analyst-recognized pure-play managed security services provider, our AI-powered managed services and cyber expertise across managed, advisory, and incident response services help clients operate with confidence. Learn more about us.
