Outbreak Alert

Apache RocketMQ Remote Command Execution Vulnerability

Released: Jul 05, 2023

Updated: Sep 06, 2023

Download PDF »

Apache RocketMQ RCE

Medium Severity

Apache Vendor

Vulnerability Type

Open source software actively exploited

RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands or by forging the RocketMQ protocol content. CVE-2023-33246 is reportedly being exploited in the wild. Additionally, proof-of-concept (PoC) code is publicly available. Learn More »

Common Vulnerabilities and Exposures

CVE-2023-33246

Background

RocketMQ is a distributed messaging and streaming platform. It was open sourced by Alibaba in 2012. In 2016, Alibaba donated RocketMQ to the Apache Software Foundation and is Apache Software Foundation announced it as a Top-level project. According to the vendor, RocketMQ has become the industry standard for financial-grade reliable business messages and is widely used in Internet, big data, mobile Internet, IoT, and other fields.

Threat Radar Overall Score:

	CVSS Rating	9.8
	FortiRecon Score	92/100
	Known Exploited	Yes
	Exploit Prediction Score	97.3%
	FortiGuard Telemetry	4915

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

May 23, 2023: RocketMQ team released patch and advisory about the vulnerability
https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp

Jun 22, 2023: FortiGuard Labs released a Threat signal on CVE-2023-33246.
https://www.fortiguard.com/threat-signal-report/5203

29 June, 2023: FortiGuard Labs released an IPS signature to detect and block attacks leveraging CVE-2023-33246 and has blocked attack attempts on upto 1000+ unique IPS devices since the release.

To mitigate the risk completely, users are recommended to upgrade to version 5.1.1 or above for (RocketMQ 5.x) and 4.9.6 or above for using (RocketMQ 4.x).
https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp

06 Sept, 2023: CISA added CVE-2023-33246 to its known exploited catalog list (KEV)

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

PROTECT

IPS
Web App Security
Post-execution

DETECT

Outbreak Detection
Threat Hunting
Content Update

RESPOND

Assisted Response Services
Automated Response

RECOVER

NOC/SOC Training
End-User Training

IDENTIFY

Attack Surface Hardening
Business Reputation

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

Loading ...

References

Sources of information in support and relation to this Outbreak and vendor.

Apache Advisory

Learn More »

About FortiGuard Outbreak Alerts

Learn More »

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners