November 1, 2023 at 02:11PM
Over 3,000 internet-exposed Apache ActiveMQ servers are vulnerable to a critical newly disclosed remote code execution (RCE) vulnerability, known as CVE-2023-46604. Exploiting this flaw allows attackers to execute arbitrary shell commands. The vulnerability affects various versions of ActiveMQ, but patches have been released to address the issue. Researchers have found 3,329 servers running a vulnerable version of ActiveMQ, with most located in China. The exploit could lead to message interception, workflow disruption, data theft, and network compromise. Applying the security updates promptly is crucial due to publicly available technical details on exploiting the vulnerability.
Key takeaways from the meeting notes:
– Over 3,000 Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability.
– The vulnerability, known as CVE-2023-46604, allows attackers to execute arbitrary shell commands by exploiting serialized class types in the OpenWire protocol.
– The affected versions of Apache ActiveMQ and Legacy OpenWire Module are listed as follows:
– 5.18.x versions before 5.18.3
– 5.17.x versions before 5.17.6
– 5.16.x versions before 5.16.7
– All versions before 5.15.16
– Fixes for the vulnerability have been released with versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3, and it is recommended to upgrade to these versions.
– Researchers from ShadowServer found 3,329 vulnerable ActiveMQ servers out of a total of 7,249 servers they accessed.
– Most of the vulnerable servers are located in China, followed by the United States, Germany, India, the Netherlands, Russia, France, and South Korea.
– Exploiting the CVE-2023-46604 vulnerability could lead to message interception, workflow disruption, data theft, and network lateral movement.
– It is crucial to apply the security updates promptly as technical details on exploiting the vulnerability are publicly available.