# Apache RocketMQ:在使用更新配置功能时可能存在远程代码执行漏洞
## 漏洞概述
RocketMQ 版本 5.1.0 及以下存在远程命令执行的风险。攻击者可以通过利用未受权限验证的配置更新功能,以 RocketMQ 运行用户的系统权限执行命令。此外,攻击者还可以通过伪造 RocketMQ 协议内容达到相同效果。
## 影响版本
- RocketMQ 5.1.0 及以下版本
- RocketMQ 4.9.5 及以下版本
## 漏洞细节
RocketMQ 的多个组件(包括 NameServer、Broker 和 Controller)在外部网络上暴露且缺乏权限验证。攻击者可以利用这些组件的配置更新功能来执行系统命令,或者通过伪造 RocketMQ 协议内容实现相同的攻击效果。
## 影响
攻击者可以利用该漏洞以 RocketMQ 运行用户的权限执行任意命令,从而对系统造成潜在威胁。
## 防护建议
- 对于使用 RocketMQ 5.x 的用户,建议升级到 5.1.1 或以上版本。
- 对于使用 RocketMQ 4.x 的用户,建议升级到 4.9.6 或以上版本。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | None | https://github.com/I5N0rth/CVE-2023-33246 | POC详情 |
| 2 | None | https://github.com/yizhimanpadewoniu/CVE-2023-33246-Copy | POC详情 |
| 3 | Apache RocketMQ 远程代码执行漏洞(CVE-2023-33246) Exploit | https://github.com/Le1a/CVE-2023-33246 | POC详情 |
| 4 | Apache RocketMQ 远程代码执行漏洞(CVE-2023-33246) Exploit | https://github.com/SuperZero/CVE-2023-33246 | POC详情 |
| 5 | CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit | https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT | POC详情 |
| 6 | CVE-2023-33246:Apache RocketMQ 远程命令执行漏洞检测工具 | https://github.com/CKevens/CVE-2023-33246 | POC详情 |
| 7 | RocketMQ RCE (CVE-2023-33246) woodpecker 利用插件 | https://github.com/cr1me0/rocketMq_RCE | POC详情 |
| 8 | CVE-2023-33246 | https://github.com/Devil0ll/CVE-2023-33246 | POC详情 |
| 9 | CVE-2023-33246 POC | https://github.com/d0rb/CVE-2023-33246 | POC详情 |
| 10 | A tool to fetch the RocketMQ broker configuration in order to discover indicators of compromise for CVE-2023-33246 | https://github.com/vulncheck-oss/fetch-broker-conf | POC详情 |
| 11 | CVE-2023-33246 - Apache RocketMQ config RCE | https://github.com/0xKayala/CVE-2023-33246 | POC详情 |
| 12 | None | https://github.com/MkJos/CVE-2023-33246_RocketMQ_RCE_EXP | POC详情 |
| 13 | None | https://github.com/hanch7274/CVE-2023-33246 | POC详情 |
| 14 | CVE-2023-33246:Apache RocketMQ 远程命令执行漏洞检测工具 | https://github.com/3yujw7njai/CVE-2023-33246 | POC详情 |
| 15 | None | https://github.com/PavilionQ/CVE-2023-33246-mitigation | POC详情 |
| 16 | None | https://github.com/4mazing/CVE-2023-33246-Copy | POC详情 |
| 17 | None | https://github.com/Sumitpathania03/Apache-RocketMQ-CVE-2023-33246- | POC详情 |
| 18 | CVE-2023-33246:Apache RocketMQ 远程命令执行漏洞检测工具 | https://github.com/AiK1d/CVE-2023-33246 | POC详情 |
| 19 | For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x . | https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2023/CVE-2023-33246.yaml | POC详情 |
| 20 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20RocketMQ%20Broker%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-33246.md | POC详情 |
| 21 | https://github.com/vulhub/vulhub/blob/master/rocketmq/CVE-2023-33246/README.md | POC详情 |