Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution vulnerability.

Apache ActiveMQ is a scalable open-source message broker that enables communication between clients and servers, supporting Java and various cross-language clients and many protocols, including AMQP, MQTT, OpenWire, and STOMP. Thanks to the project's support for a diverse set of secure authentication and authorization mechanisms, it is widely used in enterprise environments where systems communicate without direct connectivity.

The flaw in question is CVE-2023-46604, a critical-severity RCE that allows attackers to execute arbitrary shell commands by exploiting the serialized class types in the OpenWire protocol. Fixes were made available on the day of disclosure with the release of versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3, which are the recommended upgrade targets.

Researchers from threat monitoring service ShadowServer found 7,249 servers accessible with ActiveMQ services. Of those, 3,329 were found to run an ActiveMQ version vulnerable to CVE-2023-46604, meaning all of these servers are exposed to remote code execution.

Most of the vulnerable instances are located in China. The United States comes second with 530, Germany is third with 153, while India, the Netherlands, Russia, France, and South Korea have 100 exposed servers each.

Given the role Apache ActiveMQ fulfills as a message broker in enterprise environments, exploitation of CVE-2023-46604 could result in message interception, workflow disruption, data theft, and even lateral movement in the network. As technical details on exploiting CVE-2023-46604 are publicly available, applying the security updates should be considered time-sensitive.
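The article names four fixed releases, one per maintained 5.x line, and a defender's first job is to find which brokers in an inventory still sit below the fix for their line. The following Python is an added example, not code from the article or from the Apache ActiveMQ project: it maps each release line to the fixed version the article lists, classifies a version string, and runs that classification over a constructed sample inventory. Hostnames and versions in the sample are made up; the assumptions that release lines newer than 5.18 are reported as "not covered" rather than guessed, and that brokers on lines older than 5.15 should move to 5.15.16, are mine, not the article's.

```python
from __future__ import annotations

import re
from typing import Optional

# Fixed releases named in the article, keyed by (major, minor) release line.
FIXED_RELEASES: dict[tuple[int, int], tuple[int, int, int]] = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}

# Leading "major.minor[.patch]"; any suffix after the numeric part is ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn a version string such as '5.17.4' into an integer tuple.

    A missing patch component counts as 0; unparsable input raises ValueError.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ActiveMQ version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_vulnerable(version: str) -> Optional[bool]:
    """Classify a broker version against the fixed releases in the article.

    Returns True when the version predates the fix for its line, False when it
    is at or past the fix, and None for lines the article's list does not cover
    (assumption: newer lines are reported as unknown rather than guessed).
    """
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED_RELEASES:
        return (major, minor, patch) < FIXED_RELEASES[line]
    # Every line older than 5.15 predates all four fixed releases.
    if line < (5, 15):
        return True
    return None


def recommended_target(version: str) -> Optional[str]:
    """Fixed release on the same line; lines older than 5.15 are pointed at
    5.15.16, the oldest fixed release (assumption, not the article's advice)."""
    major, minor, _ = parse_version(version)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None and (major, minor) < (5, 15):
        fixed = FIXED_RELEASES[(5, 15)]
    return ".".join(map(str, fixed)) if fixed else None


def triage(inventory: list[tuple[str, str]]) -> list[dict]:
    """One finding per broker that still needs the CVE-2023-46604 fix."""
    findings = []
    for host, version in inventory:
        if is_vulnerable(version):
            findings.append(
                {"host": host, "version": version, "upgrade_to": recommended_target(version)}
            )
    return findings


# Constructed sample inventory; hostnames and versions are invented for the example.
SAMPLE_INVENTORY: list[tuple[str, str]] = [
    ("broker-a.example.internal", "5.18.2"),
    ("broker-b.example.internal", "5.18.3"),
    ("broker-c.example.internal", "5.15.15"),
    ("broker-d.example.internal", "5.16.7"),
    ("broker-e.example.internal", "5.14.5"),
    ("broker-f.example.internal", "5.17.5"),
]


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(
            f"{finding['host']}: {finding['version']} is below the fix, "
            f"upgrade to {finding['upgrade_to']}"
        )
```

The version table is the only part tied to the article; pointing `triage` at a real inventory export (host, version pairs from a CMDB or a scan) gives a list of brokers to patch first, and a `None` result flags a version the table does not describe so it can be checked by hand rather than silently passed.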
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000