Lucene search

[email protected]CVE-2023-37582

HistoryJul 12, 2023 - 10:15 a.m.

CVE-2023-37582

2023-07-1210:15:11

CWE-94

[email protected]

web.nvd.nist.gov

cve

2023

37582

rocketmq

nameserver

remote command execution

vulnerability

nvd

security

update.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.973 High

EPSS

Percentile

99.9%

JSON

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1.

When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as.

It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.

Affected configurations

Vulners

NVD

Node

apacherocketmqRange≤5.1.1

apacherocketmqRange≤4.9.6

CPENameOperatorVersion
apache:rocketmqapache rocketmqle4.9.6
apache:rocketmqapache rocketmqle5.1.1

CPE	Name	Operator	Version
apache:rocketmq	apache rocketmq	le	4.9.6
apache:rocketmq	apache rocketmq	le	5.1.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache RocketMQ",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "5.1.1",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "4.9.6",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]