virus logo Threat Signal Report

Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604)

Description

What is the Attack? Ransomware attackers are targeting servers running outdated and vulnerable versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604). CVE-2023-46604 is an unauthenticated deserialization vulnerability in ActiveMQ's OpenWire transport connector. Successful exploitation allows an attacker to execute arbitrary code with the same privileges of the ActiveMQ server.
What is the Vendor Solution? Apache has released the patches to address CVE-2023-46604 and can be found here.
What FortiGuard Coverage is available? FortiGuard Labs has released an Endpoint Vulnerability Signature "Apache ActiveMQ CVE-2023-46604 Remote Code Execution Vulnerability" to detect any vulnerable systems on customers network and is currently investigating an IPS protection for the CVE-2023-46604 and will update once available.
If you are unable to patch the Apache ActiveMQ systems, you should immediately block the systems from being accessible from the Internet, which will limit the attack surface.

description-logoOutbreak Alert

Ransomware attackers are targeting servers running outdated and vulnerable versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604).

View the full Outbreak Alert Report

Telemetry

Appendix

CVE-2023-46604 (MITRE)

 Apache ActiveMQ updates 


ID 70
Date Nov 06, 2023
Outbreak Alert Apache ActiveMQ Attack
CVE ID CVE-2023-46604
Threat Actor Type Ransomware
Experienced a Breach? We're here to help FortiGuard Incident Response Services
FortiGuard Incident Response Services
Outbreak Alert Outbreak Alert