Article Details
Scrape Timestamp (UTC): 2023-11-01 18:06:45.698
Original Article Text
Click to Toggle View
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online. Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability. Apache ActiveMQ is a scalable open-source message broker that fosters communication between clients and servers, supporting Java and various cross-language clients and many protocols, including AMQP, MQTT, OpenWire, and STOMP. Thanks to the project's support for a diverse set of secure authentication and authorization mechanisms, it is widely used in enterprise environments where systems communicate without direct connectivity. The flaw in question is CVE-2023-46604, a critical severity (CVSS v3 score: 10.0) RCE allowing attackers to execute arbitrary shell commands by exploiting the serialized class types in the OpenWire protocol. According to Apache's disclosure from October 27, 2023, the issue affects the following Apache Active MQ and Legacy OpenWire Module versions: Fixes were made available on the same day with the release of versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3, which are the recommended upgrade targets. Thousands of servers unpatched Researchers from threat monitoring service ShadowServer found 7,249 servers accessible with ActiveMQ services. Of those, 3,329 were found to run an ActiveMQ version vulnerable to CVE-2023-4660, with all of these servers vulnerable to remote code execution. Most of the vulnerable instances (1,400) are located in China. The United States comes second with 530, Germany is third with 153, while India, the Netherlands, Russia, France, and South Korea have 100 exposed servers each. Given the role Apache ActiveMQ fulfills as a message broker in enterprise environments, exploitation of CVE-2023-46604 could result in message interception, workflow disruption, data theft, and even lateral movement in the network. As technical details on exploiting CVE-2023-46604 are publicly available, applying the security updates should be considered time-sensitive.
Daily Brief Summary
Over 3,000 internet-exposed Apache ActiveMQ servers are susceptible to a recently disclosed critical remote code execution (RCE) vulnerability (CVE-2023-46604) that scores a full 10.0 on the severity scale (CVSS v3).
Apache ActiveMQ is an open-source message broker that facilitates secure communication between clients and servers using diverse secure authentication and authorization mechanisms, making it a popular choice in enterprise environments.
Attackers can exploit this flaw to execute arbitrary shell commands by capitalizing on the serialized class types in the OpenWire protocol.
Apache issued a fix for these vulnerabilities on October 27, 2023, however, approximately 3,329 servers running the vulnerable ActiveMQ version out of 7,249 discovered remain unpatched.
Exploitation of this vulnerability can result in message interception, workflow disruption, data theft, and possible lateral movement in the network.
Mainly due to its significant implications and public availability, it is essential to prioritize the application of the recommended security updates.