CVE-2023-37582
Apache RocketMQ: Possible remote code execution when using the update configuration function
Severity Score: 9.8 (CVSS v3.1)
Public Exploits: 0 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Description
The RocketMQ NameServer component still has a remote command execution vulnerability, because the CVE-2023-33246 issue was not completely fixed in version 5.1.1.
When NameServer addresses are exposed on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function of the NameServer component to execute commands as the system user that RocketMQ runs as.
Users are recommended to upgrade their NameServer to version 5.1.2 or above for RocketMQ 5.x, or 4.9.7 or above for RocketMQ 4.x, to prevent these attacks.
Credits:
soreatu@gmail.com, yuansec@outlook.com
Timeline
- 2023-07-09 CVE Reserved
- 2023-07-12 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-29 EPSS Updated
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (2)
URL | Date
---|---
http://www.openwall.com/lists/oss-security/2023/07/12/1 | 2023-07-20
https://lists.apache.org/thread/m614czxtpvlztd7mfgcs2xcsg36rdbnc | 2023-07-20
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Apache | Rocketmq | <= 4.9.6 | Affected
Apache | Rocketmq | >= 5.0.0 <= 5.1.1 | Affected