Apache ActiveMQ is a popular open-source messaging broker that businesses of all sizes use to pass messages between their applications. However, a recent critical vulnerability in ActiveMQ is being actively exploited by ransomware groups to deploy ransomware on vulnerable systems.
The vulnerability, tracked as CVE-2023-46604, is a remote code execution (RCE) flaw that allows an attacker to execute arbitrary code on a vulnerable ActiveMQ server. It can be exploited by sending a specially crafted JMS message to the server.
Once an attacker has exploited the vulnerability, they can gain complete control of the vulnerable ActiveMQ server. This could allow the attacker to deploy ransomware on the server, steal data, or disrupt operations.
Who is at risk?
Any business that is using Apache ActiveMQ is at risk from this vulnerability. This includes businesses of all sizes, from small businesses to large enterprises.
How to protect yourself
The best way to protect yourself from this vulnerability is to upgrade to the latest version of ActiveMQ as soon as possible. Apache released a patch for the vulnerability on October 25, 2023.
If you are unable to upgrade to the latest version of ActiveMQ, you should immediately restrict internet access to these servers.
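As a starting point for restricting access, the following added example (not part of the original article or of the ActiveMQ project) lists each `transportConnector` in a broker configuration and flags those bound to all interfaces. It assumes the usual `activemq.xml` layout; the sample configuration, connector names, addresses and ports are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the transportConnectors section of activemq.xml.
SAMPLE_CONFIG = """\
<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000"/>
      <transportConnector name="internal" uri="tcp://127.0.0.1:61617"/>
      <transportConnector name="nio-v6" uri="nio://[::]:61618"/>
      <transportConnector name="backend" uri="tcp://10.0.5.12:61619"/>
    </transportConnectors>
  </broker>
</beans>
"""

def classify_bind(host):
    """Return 'all-interfaces', 'loopback', 'specific' or 'unknown' for a bind host."""
    if not host:
        return "unknown"  # no host in the URI: inspect this connector by hand
    if host.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "specific"  # a hostname; check what it resolves to separately
    if addr.is_loopback:
        return "loopback"
    return "all-interfaces" if addr.is_unspecified else "specific"

def audit_connectors(xml_text):
    """List (name, scheme, host, port, exposure) for each transportConnector."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Match on the local tag name so the XML namespace does not matter.
        if elem.tag.rsplit("}", 1)[-1] != "transportConnector":
            continue
        parts = urlsplit(elem.get("uri", ""))
        findings.append((elem.get("name"), parts.scheme, parts.hostname,
                         parts.port, classify_bind(parts.hostname)))
    return findings

if __name__ == "__main__":
    for name, scheme, host, port, exposure in audit_connectors(SAMPLE_CONFIG):
        flag = "ok" if exposure == "loopback" else "REVIEW"
        print(f"{flag:6} {name:10} {scheme}://{host}:{port} -> {exposure}")
```

A connector flagged `REVIEW` is not necessarily reachable from the internet; confirm against the firewall and security-group rules in front of the server.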
What to do if you have been exploited
If you believe that your ActiveMQ server has been exploited, you should take the following steps:
The CVE-2023-46604 vulnerability in Apache ActiveMQ is a critical vulnerability that is being actively exploited by ransomware groups. If you are using Apache ActiveMQ, you should upgrade to the latest version as soon as possible. If you are unable to upgrade, you should take steps to mitigate the risk of exploitation.
Rapid7 and Huntress have some great explanations of this vulnerability, including how the exploitation has progressed.
(We take no responsibility for the content of external links)
© Be Secure Cyber Ltd 2023