CyberWatch

Critical Apache ActiveMQ Vulnerability. Patch Now!

By

Access Point Consulting

Summary

Apache ActiveMQ, a scalable open-source message broker, has a critical vulnerability. It is identified as CVE-2023-46604 and rated Critical, with a CVSS 3.0 score of 10, the maximum value. According to NVD, it is a remote code execution vulnerability that may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol.

Impact Assessment

CVE-2023-46604 is a rare vulnerability with a CVSS score of 10, the highest possible severity. It affects a critical piece of server infrastructure for any enterprise organization and allows remote code execution. This vulnerability is also on the CISA Known Exploited Vulnerabilities list.

According to Apache, the affected software versions for this vulnerability are:

  1. Apache ActiveMQ 5.18.0 before 5.18.3
  2. Apache ActiveMQ 5.17.0 before 5.17.6
  3. Apache ActiveMQ 5.16.0 before 5.16.7
  4. Apache ActiveMQ before 5.15.16
  5. Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
  6. Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
  7. Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
  8. Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16

What it means for you

This vulnerability is of maximum severity and allows remote execution of arbitrary code. Due to Apache ActiveMQ’s role as a message broker, data exfiltration, disruption of service, and movement within the network are possible. If you or your organization use this software, it is imperative that it is patched or mitigated as soon as possible. It is already known to be exploited and has a high chance of further exploitation.

Remediation

According to Apache, users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 of Apache ActiveMQ, which will remediate the vulnerability.

Business Implications

Exploitation of this vulnerability can greatly affect business operations and the bottom line, depending on existing network infrastructure, patching cadence, incident response efforts, and similar factors. Exploitation can allow lateral movement within the target network, which means it can affect other devices besides the server; it can also cause denial of service and data exfiltration. The outcome depends on the attacker’s know-how and what they intend to do after exploitation. Nonetheless, it will at the least cause monetary loss and data loss through incident response.

Access Point Technology Recommends

Patch: We recommend that you review your network, identify whether you use Apache ActiveMQ, and patch as soon as possible. This will always be the best way to prevent exploitation of a new vulnerability.

Review network architecture: This vulnerability allows for lateral movement, which means proper network segmentation is crucial to limit the impact that exploitation of this vulnerability would cause. Hire or train network engineers to put these protections in place.
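To support the remediation advice above and the recommendation to review your network for ActiveMQ installations, the following added example (not Apache's or Access Point's own code) checks broker version strings against the affected ranges listed in the advisory and reports the fix release each host should be upgraded to. The inventory of hosts and versions is constructed sample data.

```python
"""Triage Apache ActiveMQ versions against the CVE-2023-46604 affected ranges.
Added example; the ranges are taken from the advisory's affected-version list."""
import re
from typing import Iterable, List, Optional, Tuple

Version = Tuple[int, int, int]

# Fix release for each maintained 5.x branch (from the advisory):
# 5.18.x fixed in 5.18.3, 5.17.x in 5.17.6, 5.16.x in 5.16.7.
FIXED_RELEASES = {18: (5, 18, 3), 17: (5, 17, 6), 16: (5, 16, 7)}
# Every release older than 5.16 (including the 5.8.0 legacy module) is
# only fixed from 5.15.16 onward.
OLDEST_FIXED: Version = (5, 15, 16)


def parse_version(text: str) -> Optional[Version]:
    """Parse '5.17.2' or '5.17.2-SNAPSHOT' into (major, minor, patch); None if unparseable."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(text: str) -> bool:
    """True when the version falls inside one of the advisory's affected ranges."""
    v = parse_version(text)
    if v is None:
        raise ValueError(f"unrecognised ActiveMQ version string: {text!r}")
    major, minor, _ = v
    if major != 5 or minor > 18:
        return False  # not in the advisory's affected list (only 5.x up to 5.18.x)
    if minor in FIXED_RELEASES:
        return v < FIXED_RELEASES[minor]  # branch is affected below its fix release
    return v < OLDEST_FIXED  # 5.15 and older: affected below 5.15.16


def fix_release(text: str) -> Optional[str]:
    """Return the advisory's fix release to upgrade to, or None if not affected."""
    if not is_affected(text):
        return None
    target = FIXED_RELEASES.get(parse_version(text)[1], OLDEST_FIXED)
    return ".".join(str(n) for n in target)


def triage(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, current_version, fix_release) for every affected host."""
    return [(h, ver, fix_release(ver)) for h, ver in inventory if is_affected(ver)]


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [("mq-01.example.internal", "5.18.2"), ("mq-02.example.internal", "5.18.3"),
                    ("mq-legacy.example.internal", "5.11.1"), ("mq-03.example.internal", "5.17.6")]

if __name__ == "__main__":
    for host, current, fix in triage(SAMPLE_INVENTORY):
        print(f"{host}: {current} is affected by CVE-2023-46604, upgrade to {fix}")
```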

Associated Bulletins

https://nvd.nist.gov/vuln/detail/CVE-2023-46604

https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt

https://www.openwall.com/lists/oss-security/2023/10/27/5

https://issues.apache.org/jira/browse/AMQ-9370

https://www.cisa.gov/known-exploited-vulnerabilities-catalog
