January 11, 2024 at 10:21AM
Cybersecurity researchers have developed a proof-of-concept code exploiting a critical flaw in Apache OFBiz, allowing memory-resident payload execution. Despite a fix in version 18.12.11, threat actors attempt to exploit the flaw, aiming at vulnerable instances. The CVE-2023-51467 allows remote code execution, posing a serious threat despite security guardrails.
Based on the meeting notes, it is clear that a critical vulnerability (CVE-2023-51467) has been discovered in the Apache OFBiz open-source ERP system, which allows threat actors to execute a memory-resident payload. Although a fix was issued in the recent version 18.12.11, threat actors have been observed attempting to exploit the flaw. Notably, this vulnerability allows for remote code execution and poses a significant risk due to the ability to execute a payload directly from memory, leaving minimal traces of malicious activity.
Furthermore, it is highlighted that previous security flaws in Apache OFBiz have been exploited in the past, and the system continues to attract attention from both defenders and attackers. Despite security guardrails being in place, there remain concerns about the incomplete nature of the sandbox, which could enable an attacker to obtain a bash reverse shell on Linux systems.
VulnCheck’s Chief Technology Officer has emphasized the significance of the vulnerability, stating that their exploit is a cross-platform solution that works on both Windows and Linux and that they have achieved arbitrary in-memory code execution.
Overall, the notes highlight the urgency of addressing this critical vulnerability and the potential impact it could have if exploited by threat actors.