Apache RocketMQ Remote Command Execution Vulnerability
Open source software actively exploited
RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. When the RocketMQ broker component is exposed to the public internet, it lacks permission verification, so an attacker can exploit this vulnerability by using the update-configuration function to execute commands or by forging RocketMQ protocol content. CVE-2023-33246 is reportedly being exploited in the wild, and proof-of-concept (PoC) code is publicly available.
Background
RocketMQ is a distributed messaging and streaming platform. It was open sourced by Alibaba in 2012. In 2016, Alibaba donated RocketMQ to the Apache Software Foundation, which later announced it as a Top-Level Project. According to the vendor, RocketMQ has become the industry standard for financial-grade reliable business messaging and is widely used in Internet, big data, mobile Internet, IoT, and other fields.
Threat Radar Overall Score: 4.4
CVSS Rating: 9.0
FortiRecon Score: 92/100
Known Exploited: Yes
Exploit Prediction Score: 97.31%
FortiGuard Telemetry: 1145
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
May 23, 2023: RocketMQ team released patch and advisory about the vulnerability
https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp
Jun 22, 2023: FortiGuard Labs released a Threat Signal report on CVE-2023-33246.
https://www.fortiguard.com/threat-signal-report/5203
Jun 29, 2023: FortiGuard Labs released an IPS signature to detect and block attacks leveraging CVE-2023-33246, and it has blocked attack attempts on more than 1000 unique IPS devices since the release.
To mitigate the risk completely, users are recommended to upgrade to version 5.1.1 or later (RocketMQ 5.x) or 4.9.6 or later (RocketMQ 4.x).
https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp
Sep 06, 2023: CISA added CVE-2023-33246 to its Known Exploited Vulnerabilities (KEV) catalog.
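The upgrade guidance above gives two fixed releases on two release lines, which is easy to misread when an inventory mixes 4.x and 5.x brokers. The following is an added example (not FortiGuard's or the Apache project's code) that applies the advisory's thresholds to version strings or broker jar names and triages a constructed host inventory. It assumes the RocketMQ distribution ships the broker as a jar named `rocketmq-broker-<version>.jar`, which is the naming convention the parser expects; hostnames and versions in the sample are made up.

```python
"""Check RocketMQ version strings against the fixed releases for CVE-2023-33246."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases stated in the Apache advisory: 5.1.1 for the 5.x line, 4.9.6 for the 4.x line.
FIXED_BY_MAJOR: Dict[int, Version] = {5: (5, 1, 1), 4: (4, 9, 6)}

# Matches "5.1.0", "v4.9.5", or the version inside a jar name such as
# "rocketmq-broker-5.1.0.jar" (assumed naming convention of the distribution).
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Extract the first MAJOR.MINOR.PATCH triple from a string, or None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(text: str) -> Optional[bool]:
    """True if the version is at or above the fixed release for its line,
    False if it is still vulnerable, None if no version can be parsed."""
    v = parse_version(text)
    if v is None:
        return None
    fixed = FIXED_BY_MAJOR.get(v[0])
    if fixed is not None:
        return v >= fixed
    # Lines newer than 5.x postdate the fix; anything older than 4.x falls
    # under the advisory's "5.1.0 and below" and is treated as vulnerable.
    return v[0] > 5


def triage_inventory(lines: List[str]) -> Dict[str, List[str]]:
    """Group 'host<TAB>version-or-jar' inventory lines into patched / vulnerable / unknown.
    Blank lines and lines starting with '#' are ignored."""
    result: Dict[str, List[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, ver = line.partition("\t")
        status = is_patched(ver)
        bucket = "unknown" if status is None else ("patched" if status else "vulnerable")
        result[bucket].append(host)
    return result


# Constructed sample inventory for this example (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    "# host\tbroker jar or version",
    "mq-broker-01\trocketmq-broker-5.1.0.jar",
    "mq-broker-02\trocketmq-broker-5.1.1.jar",
    "mq-broker-03\t4.9.5",
    "mq-broker-04\tv4.9.6",
    "mq-broker-05\tunknown",
]

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts landing in the "unknown" bucket should be checked by hand rather than assumed safe; the comparison is done on integer tuples so that 4.9.10 sorts above 4.9.6 as intended.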
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- IPS: Detects and blocks attack attempts related to the Apache RocketMQ Remote Command Execution Vulnerability (CVE-2023-33246).
- Web App Security: Detects and blocks attack attempts related to the Apache RocketMQ Remote Command Execution Vulnerability (CVE-2023-33246).
- Post-execution
- Outbreak Detection
- Threat Hunting
- Content Update
- Assisted Response Services: Experts to assist you with analysis, containment and response activities.
- Automated Response: Services that can automatically respond to this outbreak.
- NOC/SOC Training: Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.
- End-User Training: Raise security awareness among your employees, who are continuously being targeted by phishing, drive-by download and other forms of cyberattacks.
- Attack Surface Hardening: Check Security Fabric devices to build actionable configuration recommendations and key indicators.
- Business Reputation: Know attackers' next move to protect your business brand.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.