Threat Intelligence, Vulnerability Management, Network Security

Attacks aimed at vulnerable Apache RocketMQ servers underway

BleepingComputer reports that internet-exposed Apache RocketMQ servers vulnerable to the critical remote code execution flaws tracked as CVE-2023-33246 and CVE-2023-37582, the latter of which stemmed from an incomplete fix for the former, were found by The ShadowServer Foundation to be scanned daily by hundreds of hosts around the world attempting exploitation. Exploitation of CVE-2023-33246 could enable command execution through the NameServer's update configuration function when NameServer addresses are exposed and permission checks are lacking, according to Apache RocketMQ Project Management Committee member and Alibaba Research and Development Engineer Rongtong Jin. "When NameServer addresses are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as," Jin said. The scanning follows the initial use of the flaw in August to target Apache RocketMQ systems with an updated DreamBus botnet.
