Security News > 2023 > September > CISA warns of critical Apache RocketMQ bug exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities a critical-severity issue tracked as CVE-2023-33246 that affects Apache's RocketMQ distributed messaging and streaming platform.
CISA is warning federal agencies that they should patch the CVE-2023-33246 vulnerability for Apache RocketMQ installations on their systems by September 27.
The cybersecurity agency notes that an attacker can exploit the issue "By using the update configuration function to execute commands as the system users that RocketMQ is running."
Leveraging the issue is possible because multiple RocketMQ components that include NameServer, Broker, and Controller, are exposed on the public internet, making them a target for hackers.
Trying to find how many potential RocketMQ targets are exposed online, the researcher looked for hosts with the TCP port 9876 used by the RocketMQ Nameserver and found about 4,500 systems.
CISA warns of critical Citrix ShareFile flaw exploited in the wild.
News URL
Related news
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- CISA extends funding to ensure 'no lapse in critical CVE services' (source)
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks (source)
- Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence (source)
- Apache Parquet exploit tool detect servers vulnerable to critical flaw (source)
- CISA warns of hackers targeting critical oil infrastructure (source)
- Fortinet fixes critical zero-day exploited in FortiVoice attacks (source)
- CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-24 | CVE-2023-33246 | Unspecified vulnerability in Apache Rocketmq For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. | 9.8 |