Summary
Apache ActiveMQ, a scalable open-source message broker, has a critical vulnerability identified as CVE-2023-46604. It is rated Critical with a CVSS v3 base score of 10.0, the maximum value. According to NVD, the Java OpenWire protocol marshaller is vulnerable to remote code execution: a remote attacker with network access to a Java-based OpenWire broker or client can run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol so that the broker (or client) instantiates any class on its classpath.
Impact Assessment
CVE-2023-46604 is a rare vulnerability with a CVSS score of 10, the highest possible severity. It affects a critical piece of server infrastructure for enterprise organizations and allows remote code execution. It has also been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, which means exploitation in the wild has been confirmed.
According to Apache, the affected software versions for this vulnerability are:
- Apache ActiveMQ 5.18.0 before 5.18.3
- Apache ActiveMQ 5.17.0 before 5.17.6
- Apache ActiveMQ 5.16.0 before 5.16.7
- Apache ActiveMQ before 5.15.16
- Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
- Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
- Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
- Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16
What it means for you
This vulnerability is of maximum severity and allows remote execution of arbitrary code. Because Apache ActiveMQ acts as a message broker, typically sitting between many internal services, successful exploitation can lead to data exfiltration, disruption of service, and lateral movement within the network. If you or your organization run this software, it is imperative that it is patched or mitigated as soon as possible: it is already being exploited in the wild, so the chance of being targeted is high.
Remediation
According to Apache, users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 of Apache ActiveMQ, which remediates the vulnerability. Each of these is the first fixed release on its branch, so upgrade to the fixed release of the branch you already run; the same fixed versions apply to the Legacy OpenWire Module, which must be upgraded alongside the broker.
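The following is an added example for this bulletin, not code from Apache or from the original page. It turns the affected-version list above into a checker: a version string is affected when it falls between the first affected release of a branch and that branch's first fixed release, with the oldest branch open-ended ("before 5.15.16"). It also scans a list of JAR filenames, since ActiveMQ artifacts carry their version in the filename (for example activemq-broker-5.17.3.jar); the filename pattern and the sample inventory are constructed assumptions for illustration, so confirm the version from the broker itself when a name looks unusual.

```python
"""Check Apache ActiveMQ versions against the CVE-2023-46604 affected ranges.

Added example for this bulletin, not code from Apache or the original page.
The ranges are those the advisory lists; the JAR filename pattern and the
sample inventory below are assumptions constructed for illustration.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected version, first fixed version) per branch, from the Apache advisory.
# A version v is affected when first_affected <= v < first_fixed for some branch.
# The oldest branch is "before 5.15.16", so its lower bound is open (0.0.0).
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((5, 18, 0), (5, 18, 3)),
    ((5, 17, 0), (5, 17, 6)),
    ((5, 16, 0), (5, 16, 7)),
    ((0, 0, 0), (5, 15, 16)),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

# Assumed filename pattern: ActiveMQ artifacts such as activemq-broker-5.17.3.jar,
# activemq-all-5.15.9.jar or activemq-openwire-legacy-5.16.2.jar (the Legacy
# OpenWire Module). Trailing qualifiers like -SNAPSHOT are tolerated.
_JAR_RE = re.compile(
    r"^activemq-(?P<artifact>all|broker|client|openwire-legacy)-"
    r"(?P<version>\d+\.\d+\.\d+)(?:[.-][0-9A-Za-z]+)*\.jar$"
)


def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) from a string such as '5.17.3' or '5.18.3-SNAPSHOT'."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(version: str) -> bool:
    """True if the version falls in a range the advisory lists as affected.

    Unparseable versions are reported as affected so they get reviewed rather
    than silently passed.
    """
    v = parse_version(version)
    if v is None:
        return True
    return any(lo <= v < fixed for lo, fixed in AFFECTED_RANGES)


def fixed_version_for(version: str) -> Optional[str]:
    """First fixed release on the same branch, or None if the version is not affected."""
    v = parse_version(version)
    if v is None:
        return None
    for lo, fixed in AFFECTED_RANGES:
        if lo <= v < fixed:
            return ".".join(str(n) for n in fixed)
    return None


def scan_jar_names(names: List[str]) -> Dict[str, Dict[str, object]]:
    """Map each ActiveMQ JAR name to its artifact, version, status and upgrade target.

    Names that are not ActiveMQ artifacts are skipped. Feed it e.g. os.listdir()
    of a broker's lib/ directory or a host-wide `find / -name 'activemq-*.jar'`.
    """
    report: Dict[str, Dict[str, object]] = {}
    for name in names:
        m = _JAR_RE.match(name)
        if not m:
            continue
        version = m.group("version")
        report[name] = {
            "artifact": m.group("artifact"),
            "version": version,
            "affected": is_affected(version),
            "upgrade_to": fixed_version_for(version),
        }
    return report


# Constructed sample inventory (not a real host): a mix of affected and fixed builds.
SAMPLE_JARS = [
    "activemq-broker-5.17.3.jar",           # affected, fix is 5.17.6
    "activemq-all-5.15.9.jar",              # affected, fix is 5.15.16
    "activemq-client-5.18.3.jar",           # fixed
    "activemq-openwire-legacy-5.16.2.jar",  # Legacy OpenWire Module, affected
    "activemq-broker-6.0.0.jar",            # outside every listed range
    "spring-core-5.3.30.jar",               # not ActiveMQ, ignored
]

if __name__ == "__main__":
    for name, info in scan_jar_names(SAMPLE_JARS).items():
        status = f"AFFECTED, upgrade to {info['upgrade_to']}" if info["affected"] else "ok"
        print(f"{name}: {info['version']} {status}")
```

Run it against a real inventory by replacing SAMPLE_JARS with the filenames found under each broker's lib/ directory and in any application that embeds the ActiveMQ client or the Legacy OpenWire Module; the broker is only one place the vulnerable marshaller can live.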
Business Implications
Exploitation of this vulnerability can significantly affect business operations and the bottom line, depending on existing network infrastructure, patching cadence, incident response readiness, and so on. Because exploitation allows lateral movement within the target network, it can affect devices beyond the broker itself, and it can also cause denial of service and data exfiltration. The outcome depends on the attacker's skill and their objectives after exploitation. Nonetheless, at a minimum it will cause monetary loss from the incident response effort and potential data loss.
Access Point Technology Recommends
Patch: We recommend reviewing your network to identify whether you use Apache ActiveMQ (including applications that embed its client or the Legacy OpenWire Module) and patching as soon as possible. Patching is always the best way to prevent exploitation of a new vulnerability.
Review network architecture: This vulnerability allows lateral movement, so proper network segmentation is crucial to limit the impact of a successful exploit. Restrict access to the OpenWire transport connector (TCP 61616 by default) to the hosts that genuinely need it, and hire or train network engineers to put these protections in place.
Associated Bulletins
https://nvd.nist.gov/vuln/detail/CVE-2023-46604
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
https://www.openwall.com/lists/oss-security/2023/10/27/5
https://issues.apache.org/jira/browse/AMQ-9370
https://www.cisa.gov/known-exploited-vulnerabilities-catalog