CISA Adds Critical RocketMQ Bug to Must-Patch List
The US government has ordered all federal civilian agencies to patch a critical vulnerability in Apache RocketMQ, which is currently being exploited in the wild.
The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-33246 to its Known Exploited Vulnerabilities Catalog. The listing means federal civilian agencies have until September 27 to apply the vendor patch to affected systems; private enterprises are encouraged to follow suit.
The bug affects versions 5.1.0 and below of the popular distributed messaging and streaming platform. It has been given a CVSS rating of 9.8.
“Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as,” explained NIST in an advisory.
“Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x.”
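The advisory gives two separate fixed versions, one per release line, so a plain "below 5.1.1" check would misclassify a 4.x broker. The following script is an added example (not code from the article, NIST or the Apache project) that encodes both thresholds and runs them over a constructed inventory of hostnames and reported versions; the hostnames and the treatment of pre-4.x releases as affected are assumptions made for illustration.

```python
"""Classify Apache RocketMQ versions against the CVE-2023-33246 fixed releases.

Per the advisory quoted above, the fix is in 5.1.1+ for the 5.x line and
4.9.6+ for the 4.x line.  Everything older on each line is affected.
"""

from typing import List, Tuple

# Fixed versions per release line, taken from the advisory text.
FIXED_BY_BRANCH = {4: (4, 9, 6), 5: (5, 1, 1)}


def parse_version(version: str) -> Tuple[Tuple[int, ...], bool]:
    """Turn '4.9.5' or '5.1.1-SNAPSHOT' into (numeric tuple, is_prerelease)."""
    core, _, suffix = version.strip().partition("-")
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts), bool(suffix)


def is_affected(version: str) -> bool:
    """True when the version predates the fix on its own release line."""
    numeric, prerelease = parse_version(version)
    major = numeric[0]
    if major in FIXED_BY_BRANCH:
        fixed = FIXED_BY_BRANCH[major]
        # A pre-release build of the fixed version (e.g. 5.1.1-SNAPSHOT)
        # was cut before the release, so it is treated as not yet fixed.
        return numeric < fixed or (prerelease and numeric == fixed)
    # Assumption: lines older than 4.x predate the fix entirely and are
    # treated as affected; anything newer than 5.x is treated as fixed.
    return major < 4


# Constructed sample inventory; hostnames are placeholders, not real hosts.
SAMPLE_INVENTORY = [
    ("mq-nameserver-01.example.internal", "5.1.0"),
    ("mq-broker-01.example.internal", "4.9.4"),
    ("mq-broker-02.example.internal", "4.9.6"),
    ("mq-controller-01.example.internal", "5.1.1"),
    ("mq-broker-03.example.internal", "5.1.1-SNAPSHOT"),
]


def hosts_needing_patch(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the hostnames whose reported version is still affected."""
    return [host for host, ver in inventory if is_affected(ver)]


if __name__ == "__main__":
    for host in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2023-33246, upgrade required")
```

Feed the function the version string each NameServer, Broker and Controller reports (for example from your configuration management inventory) rather than a single fleet-wide number, since mixed 4.x and 5.x deployments are common and each line has its own fixed release.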
Last month, Juniper Networks reported that the remote code execution vulnerability was being exploited in a “series of attacks” that date back to June. The software flaw was publicly disclosed in May.
The security and networking vendor said it detected several of these campaigns exploiting CVE-2023-33246 to install the DreamBus bot for Monero cryptocurrency mining.
Threat intelligence firm VulnCheck said it used Censys to detect around 4500 potentially exposed Apache RocketMQ systems.
“However, the extreme concentration of systems in one country does call into question how many of these may be honeypots,” it added.