CVE-2023-46604

Vulnerability updated 7 months ago (2024-05-04T17:33:09.862Z)

Download STIX

Preview STIX

CVE-2023-46604 is a critical vulnerability identified in Apache ActiveMQ, specifically affecting versions prior to 5.15.16, 5.16.7, 5.17.6, and 5.18.3. This flaw, which lies within the Java OpenWire protocol marshaller, allows for Remote Code Execution (RCE) and has been assigned a maximum severity score (CVSS 10). The vulnerability enables unauthenticated threat actors to run arbitrary shell commands. It was patched by Apache at the end of the month preceding its discovery. The vulnerability has attracted significant attention from cybercriminals, with multiple instances of exploitation reported. Rapid7 researchers initially raised concerns about the suspected misuse of this flaw. Cybersecurity researchers at Trend Micro later confirmed these suspicions, identifying attacks where cybercriminals exploited CVE-2023-46604 to infect Linux systems with the Kinsing malware, also known as h2miner. These attacks typically resulted in the installation of cryptocurrency miners on targeted Linux systems. In parallel, Atlassian revealed that its Bamboo continuous integration (CI) and continuous delivery (CD) server, along with Confluence Data Center and Server, were also vulnerable to this max-severity issue. All versions of Bamboo Data Center and Server were found to be impacted by this actively exploited security flaw. Additionally, the AhnLab Security Emergency Response Center (ASEC) implicated Andariel, a subgroup within Lazarus, in cyberattacks exploiting CVE-2023-46604.

Description last updated: 2024-03-14T17:20:09.542Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
H2miner is a possible alias for CVE-2023-46604. H2miner, also known as Kinsing, is a malicious software (malware) that primarily targets Linux systems to exploit their computing resources for illicit cryptocurrency mining. This malware is typically introduced into systems through suspicious downloads, emails, or websites, often unbeknownst to the	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apache

Vulnerability

Activemq

Apache Activ...

Ransomware

Rapid7

Malware

Exploit

Fortiguard

Remote Code ...

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Kinsing Malware is associated with CVE-2023-46604. Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal informa	Unspecified	4
The HELLOKITTY Malware is associated with CVE-2023-46604. HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat	Unspecified	3

Source Document References

Information about the CVE-2023-46604 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CISA	3 months ago	#StopRansomware: RansomHub Ransomware \| CISA
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	4 months ago	security-affairs-malware-newsletter-round-5
DARKReading	4 months ago	Feds Warn of North Korean Cyberattacks on US Critical Infrastructure
CISA	4 months ago	North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs \| CISA
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	5 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading	5 months ago	TellYouthePass Ransomware Group Exploits Critical PHP Flaw
Securityaffairs	6 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
CISA	6 months ago	Delta Electronics InfraSuite Device Master \| CISA
Securityaffairs	7 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	8 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini