Actively exploited vulnerability

CVE-2023-33246: Apache RocketMQ Command Execution Vulnerability

Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as or achieve the same effect by forging the RocketMQ protocol content.

CISA KEV source 6 Sep 2023 added 27 Sep 2023 remediation due

Affected product

Apache · RocketMQ

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Related Yasna coverage

Recent reporting that mentions CVE-2023-33246.

Bleeping Computer6 Jan 2024

Hackers target Apache RocketMQ servers vulnerable to RCE attacks

Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. [...]

Bleeping Computer8 Sep 2023

CISA warns of critical Apache RocketMQ bug exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities (KEV) a critical-severity issue tracked as CVE-2023-33246 that affects Apache's RocketMQ distributed messaging and streaming platform. [...]