CVE-2023-33246

Published: 24/05/2023 Updated: 12/07/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are exposed on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system user that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above if using RocketMQ 5.x, or to 4.9.6 or above if using RocketMQ 4.x.

Vulnerable Product

apache rocketmq

Exploits

RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. The Broker component of RocketMQ is leaked on the extranet and lacks permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker ca ...

Github Repositories

Apache RocketMQ Arbitrary File Write Vulnerability Exploit

CVE-2023-37582_EXPLOIT: Apache RocketMQ Arbitrary File Write Vulnerability Exploit Demo. Overview: In fact, the arbitrary file write vulnerability (CVE-2023-37582) in Apache RocketMQ has already been addressed in the CVE-2023-33246 RCE vulnerability. However, the fix provided for CVE-2023-33246 RCE is not comprehensive, as it only resolves the impact on RocketMQ's broker. This

A go-exploit for fetching the RocketMQ broker configuration in order to discover indicators of compromise for CVE-2023-33246

Fetch Broker Configuration: Fetch Broker Configuration will try to download the RocketMQ broker configuration in order to hunt for indicators of compromise in the rocketmqHome variable. The variable is used by various attackers to execute code via CVE-2023-33246. For additional details, see the VulnCheck blog. Compiling: You can use the makefile to build a docker container: make

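Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-33246) Exploit

CVE-2023-33246: Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-33246) Exploit. Usage: java -jar CVE-2023-33246.jar -ip "127.0.0.1" -cmd "open -a calculator". Disclaimer: This detection tool is provided only for security testers at security companies to use in security testing. Do not intrude into or attack any external computer system without permission, and do not use it for any unauthorized form of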

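CVE-2023-33246: modify props.setProperty to execute commands

CVE-2023-33246: Apache RocketMQ Remote Command Execution Vulnerability Detection Tool

CVE-2023-33246: Apache RocketMQ Remote Command Execution Vulnerability Detection Tool. Tool features. Basic usage: run ./apache_rocketmq_cve_2023_33246_scanner_linux_amd64 scan. If the output is 是否存在漏洞:是 or VulnFound: true, the vulnerability is present; the Version or 版本号 field is the version of the asset detected by the tool. Writing the detection data to a JSON file: run apache_roc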

CVE-2023-33246

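CVE-2023-33246: Apache RocketMQ Remote Code Execution Vulnerability. CVE-2023-33246 Exploit. Usage: java -jar CVE-2023-33246.jar -ip "127.0.0.1" -port "10911" -cmd "touch 123". Disclaimer: This detection tool is provided only for security testers at security companies to use in security testing. Do not intrude into or attack any external computer system without permission, and do not use

Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-33246) Exploit

CVE-2023-33246: Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-33246) Exploit. Usage: java -jar CVE-2023-33246.jar -ip "127.0.0.1:10911" -cmd "open -a Calculator". Features of this tool: Because the heartbeat mechanism triggers the vulnerability once every 30s, the tool waits 35 seconds to make sure the command has been executed and then restores the configuration file, so

Apache RocketMQ Remote Code Execution Vulnerability Exploitation Tool

CVE-2023-33246: Apache RocketMQ Remote Code Execution Vulnerability Exploitation Tool. Basic usage: java -jar CVE-2023-33246.jar -ip "<attacking machine IP>" -cmd "<command to execute>". Disclaimer: This detection tool is provided only for security testers at security companies to use in security testing. Do not intrude into or attack any external computer system without permission, and do not use it for any unauthorized form of security test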

1. References: CVE-2023-33246, github.com/I5N0rth/CVE-2023-33246. 2. Setting up a local environment. 2.1 Pull the images: # docker pull apache/rocketmq:491 # docker pull apacherocketmq/rocketmq-console:200. 2.2 Start the broker, namesrv and console. Start namesrv: docker run -dit -p 9876:9876 -p 10909:10909 --name mqsrv -e "MAX_POSSIBLE_HEAP=100000

CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit

CVE-2023-33246 RocketMQ Remote Code Execution Exploit. Overview: RocketMQ is a distributed messaging and streaming platform. RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. The Broker component of RocketMQ is leaked on the extranet and lacks permission verification. An attacker can exploit this vulnera

A Go-based Exploit Framework

go-exploit: Go Exploit Framework. go-exploit is an exploit development framework for Go. The framework helps exploit developers create small, self-contained, portable, and consistent exploits. The framework was developed to simplify large scale scanning, exploitation, and integration with other tools. For API documentation, check out the package on pkg.go.dev/github.com/vulnch

CVE-2023-33246 - Apache RocketMQ config RCE

CVE-2023-33246 - RocketMQ Remote Code Execution. CVE-2023-33246 - Apache RocketMQ config Remote Code Execution Exploit. Overview: RocketMQ is a distributed messaging and streaming platform. RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. The Broker component of RocketMQ is leaked on the extranet and lacks permission verification. An attacker can exploit th

CVE-2023-33246_RocketMQ_RCE_EXP: CVE-2023-33246 RocketMQ Remote Code Execution Exploit. Overview: RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. The Broker component of RocketMQ is leaked on the extranet and lacks permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the syste

Recent Articles

Rust can help make software secure – but it's no cure-all
The Register

Security is a process, not a product. Nor a language

Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they're not necessarily associated with the majority of vulnerabilities that actually get exploited. So while coding with Rust can help reduce memory safety vulnerabilities, it won't fix everything. Security biz Horizon3.ai has analyzed CISA's Known Exploited Vulnerabilities in 2023 and found, as chief attack engineer Zach Hanley put it, that "Rust won’t save us, but it will help us." We feel thi...