CVE-2023-33246

Published May 24, 2023

Last updated 10 days ago

Exploit knownCVSS critical 9.8

Overview

Description
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
Source
security@apache.org
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Apache RocketMQ Command Execution Vulnerability
Exploit added on
Sep 6, 2023
Exploit action due
Sep 27, 2023
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

security@apache.org
CWE-94

Social media

Hype score
Not currently trending

  1. Threat Alert: Perfctl malware exploiting exposed Portainer agent and using new SSH persistence CVE-2021-4043 CVE-2023-33246 CVE-2021-4034 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/USc4CE0FKR #CyberSecurity #ThreatIntel #InfoSec (1/3)

    @fletch_ai

    19 Dec 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    23 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    20 Nov 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    17 Nov 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    10 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    8 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    4 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    30 Oct 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    29 Oct 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    25 Oct 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    23 Oct 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    20 Oct 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Actively exploited CVE : CVE-2023-33246

    @transilienceai

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations

References