CVE-2017-3234

9.8 CRITICAL

📋 TL;DR

This vulnerability in Oracle Support Tools' Automatic Service Request (ASR) component allows unauthenticated attackers with network access to completely compromise the ASR service via the SFT protocol. It affects ASR Manager versions prior to 5.7, enabling attackers to take full control of the service with high impact on confidentiality, integrity, and availability.

💻 Affected Systems

Products:
  • Oracle Support Tools
  • Automatic Service Request (ASR)
  • ASR Manager
Versions: Prior to 5.7
Operating Systems: All platforms running Oracle Support Tools
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the ASR Manager subcomponent specifically. Requires network access via SFT protocol.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete takeover of the ASR service, allowing attackers to execute arbitrary code, steal sensitive system information, disrupt service operations, and potentially pivot to other systems.

🟠 Likely Case

Remote code execution leading to system compromise, data exfiltration, and service disruption of the ASR component.

🟢 If Mitigated

Limited impact if network access is restricted and proper segmentation is in place, though the vulnerability remains present in the software.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The CVSS vector indicates the flaw is easily exploitable by unauthenticated attackers with network access to the SFT protocol.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.7 or later

Vendor Advisory: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Restart Required: Yes

Instructions:

1. Download and apply the latest Oracle Support Tools patch from My Oracle Support.
2. Update ASR Manager to version 5.7 or later.
3. Restart the ASR service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation (platforms: all)

Restrict network access to the ASR Manager service to only trusted hosts/networks.

Use firewall rules to block SFT protocol (typically TCP port 443) from untrusted networks.

Service Disablement (platforms: all)

Temporarily disable ASR Manager if not required:

systemctl stop asr-manager (Linux)
sc stop "Oracle ASR Manager" (Windows)

🧯 If You Can't Patch

  • Implement strict network access controls to limit SFT protocol access to only necessary administrative systems
  • Monitor ASR Manager logs and network traffic for suspicious activity and unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check the ASR Manager version. On Linux, run 'asrctl version' or inspect the installation directory. On Windows, check Program Files or the registry for version information.

Check Version:

asrctl version (Linux) or check Oracle Support Tools documentation for Windows

Verify Fix Applied:

Verify ASR Manager version is 5.7 or later using the same version check commands, then test ASR functionality.
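The version check above is easy to get wrong by hand (for example, treating "5.10" as older than "5.7" in a string comparison). The following added example, which is not part of the advisory or of Oracle's tooling, parses the version string out of command output and compares it numerically against the 5.7 fix threshold. The output format "ASR Manager version X.Y.Z" and the sample strings are assumptions made here for illustration; adjust the regular expression if your 'asrctl version' output looks different.

```python
import re
import subprocess
from typing import Optional, Tuple

# Version at which CVE-2017-3234 is fixed, per the advisory.
FIXED_VERSION: Tuple[int, ...] = (5, 7)

# Constructed sample outputs; the "ASR Manager version X.Y.Z" layout is an assumption.
SAMPLE_OUTPUTS = [
    "ASR Manager version 5.6.2",
    "ASR Manager version 5.7",
    "ASR Manager version 5.10.1",
    "asrctl: command not found",
]


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the first dotted numeric version (e.g. 5.6.2) as a tuple of ints."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_fixed(version: Tuple[int, ...]) -> bool:
    """True when the version is 5.7 or later, compared component by component."""
    # Pad short versions with zeros so (5,) compares as (5, 0), not as a prefix match.
    padded = version + (0,) * max(0, len(FIXED_VERSION) - len(version))
    return padded >= FIXED_VERSION


def assess(output: str) -> str:
    """Classify raw 'asrctl version' output as fixed, vulnerable, or unknown."""
    version = parse_version(output)
    if version is None:
        return "unknown"
    return "fixed" if is_fixed(version) else "vulnerable"


def check_installed(command=("asrctl", "version")) -> str:
    """Run the real version command if present; 'unknown' when it is missing or fails."""
    try:
        proc = subprocess.run(command, capture_output=True, text=True, timeout=30)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return "unknown"
    return assess(proc.stdout + proc.stderr)


if __name__ == "__main__":
    for sample in SAMPLE_OUTPUTS:
        print(f"{sample!r:40} -> {assess(sample)}")
    print("installed:", check_installed())
```

Run it on a host to classify the installed version; an "unknown" result means the command was absent or its output did not contain a dotted version, so fall back to the installation directory or registry check.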

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to ASR Manager
  • Unexpected service restarts or crashes
  • Unusual process creation from ASR service

Network Indicators:

  • SFT protocol traffic from unexpected sources
  • Multiple connection attempts to ASR Manager port
  • Unusual data transfers from ASR service

SIEM Query:

source="asr-manager.log" AND (event="access denied" OR event="unauthorized" OR event="error")
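The SIEM query above matches individual error and access-denied events; in practice you want to group them by source and flag sources that are either outside the trusted ASR management hosts or are producing many such events in a short window. The following added example, not part of the advisory, applies that logic over a few constructed ASR Manager log lines. The key=value line layout, the field names (src, event, msg) and the sample addresses are assumptions; map them onto your real log format.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Event values matched by the advisory's SIEM query.
ALERT_EVENTS = {"access denied", "unauthorized", "error"}

# Constructed sample log lines; the key=value layout is an assumption, not real ASR output.
SAMPLE_LOG = """\
2017-04-20T10:15:02Z src=10.0.5.23 event="access denied" msg="SFT session rejected"
2017-04-20T10:15:03Z src=10.0.5.23 event=unauthorized msg="SFT auth failure"
2017-04-20T10:15:04Z src=10.0.5.23 event=error msg="malformed SFT request"
2017-04-20T10:16:10Z src=10.0.0.7 event=info msg="heartbeat sent"
2017-04-20T10:17:45Z src=203.0.113.9 event=unauthorized msg="SFT auth failure"
2017-04-20T10:18:00Z src=10.0.0.7 event=error msg="transient upload error"
"""

# Hosts expected to talk SFT to ASR Manager (assumed for the example).
TRUSTED_SOURCES = {"10.0.5.23", "10.0.0.7"}

# key=value pairs, where the value may be a quoted string containing spaces.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line: str) -> Dict[str, str]:
    """Split one log line into a dict of its key=value fields."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def alert_counts(log_text: str) -> Counter:
    """Count alert-class events (the SIEM query's terms) per source address."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("event") in ALERT_EVENTS:
            counts[fields.get("src", "unknown")] += 1
    return counts


def suspicious_sources(log_text: str, trusted: Iterable[str],
                       threshold: int = 3) -> List[Tuple[str, int]]:
    """Flag any untrusted source with alert events, or a trusted one at/above the threshold."""
    trusted = set(trusted)
    flagged = []
    for src, n in alert_counts(log_text).items():
        if src not in trusted or n >= threshold:
            flagged.append((src, n))
    return sorted(flagged)


if __name__ == "__main__":
    for src, n in suspicious_sources(SAMPLE_LOG, TRUSTED_SOURCES):
        print(f"{src}: {n} alert event(s)")
```

With the constructed sample, the trusted host 10.0.5.23 is flagged because it hit three alert events in a row, and 203.0.113.9 is flagged on a single event because it is not an expected SFT peer; the trusted host with one transient error is not reported.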
