Apache RocketMQ: Possible remote code execution when using the update configuration function
CVE-2023-37582
Key Information:
- Vendor: Apache
- Status: Vendor
- CVE Published: 12 July 2023
What is CVE-2023-37582?
The RocketMQ NameServer component is affected by a persistent remote command execution vulnerability. The issue arises when NameServer addresses are exposed to the public network without adequate permission verification. An attacker who can reach the NameServer can abuse the update configuration function to execute arbitrary commands as the system user under which RocketMQ runs. Users are strongly advised to upgrade the NameServer to version 5.1.2 or later for RocketMQ 5.x, and to version 4.9.7 or later for RocketMQ 4.x, to mitigate this risk.

Affected Version(s)
- Apache RocketMQ 5.0.0 through 5.1.1
- Apache RocketMQ up to and including 4.9.6
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
CVE-2023-37582: Apache RocketMQ Remote Command Execution Vulnerability
On July 17, 2023, Sangfor FarSight Labs received notification about a remote command execution vulnerability in the Apache RocketMQ CVE-2023-37582.
References
EPSS Score
93% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- First article discovered by Sangfor
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved