Active Exploitation of Apache RocketMQ updateConfig Command Execution Vulnerability (CVE-2023-33246)
Description
What is Apache RocketMQ?
Apache RocketMQ is an open-source distributed messaging middleware developed by Alibaba. It was later donated to Apache.
What is the Attack?
CVE-2023-33246 is a command injection vulnerability that affects Apache RocketMQ versions 5.1 and lower. Successful exploitation of the vulnerability allows a remote attacker to execute commands as the system user under which RocketMQ is running by using the update configuration function.
Why is this Significant?
This is significant because CVE-2023-33246 is reportedly being exploited in the wild. Additionally, proof-of-concept (PoC) code is publicly available. As such, attacks that leverage the vulnerability are expected to increase.
FortiGuard Labs advises that the patch should be applied as soon as possible.
What is the Vendor Solution?
Apache released RocketMQ version 5.1.1 on May 19th, 2023 to address the issue.
What FortiGuard Coverage is available?
FortiGuard Labs has released a new IPS signature "Apache.RocketMQ.updateConfig.Command.Execution" in version 24.593. For a comprehensive list of protections from FortiGuard Labs, please visit the Outbreak Alert page.
Appendix
Apache RocketMQ Remote Command Execution Vulnerability (Outbreak Alert)
CVE-2023-33246 (MITRE)