A critical vulnerability in Apache ActiveMQ, tracked as CVE-2023-46604, is being actively exploited by the Kinsing malware.
According to an advisory published by Trend Micro on Monday, the finding matters for Linux systems in particular: the flaw is a remote code execution (RCE) vulnerability that stems from insufficient validation of Throwable class types when the broker unmarshals OpenWire exception responses.
Apache ActiveMQ is a widely used Java-based open-source message broker; it provides message-oriented middleware that lets disparate applications communicate with each other.
Kinsing, a threat that specifically targets Linux-based systems, exploits web application vulnerabilities and misconfigured container environments to break into servers and spread rapidly across networks.
Reports of active exploitation of CVE-2023-46604 emerged in November, with threat actors using public exploits such as the Metasploit module and the Nuclei template. Despite the severity of the vulnerability (CVSS 9.8), detection remains relatively low.
“The danger with this CVE is that Apache ActiveMQ is used a lot, and because it can communicate over multiple protocols (such as MQTT), it is also widely used in non-IT environments to communicate with IoT/OT/ICS devices,” said John Gallagher, vice president of Viakoo Labs at Viakoo.
“Many IoT devices have powerful processing capabilities and lack patching policies, making [crypto]mining an ideal activity for them.”
The Kinsing exploit uses the Java ProcessBuilder method to download and execute cryptocurrency miners and additional malware on compromised systems. Notably, the malware actively searches for and kills competing cryptocurrency miners.
The threat actors behind Kinsing exploit not only CVE-2023-46604 but also other well-known vulnerabilities such as CVE-2023-4911 (Looney Tunables).
Read more about Kinsing: Docker users targeted by crypto-malware via exposed APIs
Trend Micro urged users to upgrade immediately to mitigate the risk posed by this vulnerability. The patch for CVE-2023-46604 addresses the root cause by introducing the validateIsThrowable method in the BaseDataStreamMarshaller class, which rejects any class that is not a Throwable before it is instantiated from wire-supplied data.
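The mechanism described above (a wire-supplied class name that the broker instantiates reflectively, and the Throwable check that the patch adds) is easier to see in code. The following is an added, self-contained illustration written for this page; it is not ActiveMQ's own source, and the class name ThrowableUnmarshalDemo, the method names createThrowableUnchecked and createThrowableChecked, and the use of java.io.File as a harmless stand-in for a hostile class are all assumptions made here. Only the idea of a validateIsThrowable-style gate comes from the patch description.

```java
import java.lang.reflect.Constructor;

/**
 * Illustrative model (not ActiveMQ's code) of the pattern behind CVE-2023-46604.
 * An OpenWire exception response carries a class name and a message string;
 * the unmarshaller reflectively builds an object of that class via its
 * (String) constructor. Without a type check, any class on the classpath
 * that has a (String) constructor can be instantiated by a remote client.
 */
public class ThrowableUnmarshalDemo {

    /** Vulnerable pattern: trusts the class name taken from the wire. */
    static Object createThrowableUnchecked(String className, String message) throws Exception {
        Class<?> clazz = Class.forName(className);
        Constructor<?> ctor = clazz.getConstructor(String.class);
        return ctor.newInstance(message); // arbitrary constructor side effects run here
    }

    /** Hardened pattern: refuse anything that is not a Throwable before instantiation. */
    static Throwable createThrowableChecked(String className, String message) throws Exception {
        // initialize=false: resolve the class without running its static initializer
        // until we know it is an acceptable type (an extra precaution added in this demo).
        Class<?> clazz = Class.forName(className, false, ThrowableUnmarshalDemo.class.getClassLoader());
        validateIsThrowable(clazz);
        Constructor<?> ctor = clazz.getConstructor(String.class);
        return (Throwable) ctor.newInstance(message);
    }

    /** The gate the patch introduces: only Throwable subtypes may be created. */
    static void validateIsThrowable(Class<?> clazz) {
        if (!Throwable.class.isAssignableFrom(clazz)) {
            throw new IllegalArgumentException(
                    "Class " + clazz.getName() + " is not assignable to Throwable");
        }
    }

    public static void main(String[] args) throws Exception {
        // Legitimate case: a real exception class arrives in the response.
        Throwable ok = createThrowableChecked("java.lang.IllegalStateException", "broker busy");
        System.out.println("checked, legitimate: " + ok);

        // Hostile case: a non-Throwable with a (String) constructor. java.io.File is a
        // harmless stand-in (constructed input, no side effects) used only to show
        // that the unchecked path happily instantiates a non-exception type.
        Object o = createThrowableUnchecked("java.io.File", "/tmp/anything");
        System.out.println("unchecked, hostile: created " + o.getClass().getName());

        try {
            createThrowableChecked("java.io.File", "/tmp/anything");
            System.out.println("checked, hostile: (should not reach here)");
        } catch (IllegalArgumentException e) {
            System.out.println("checked, hostile: rejected -> " + e.getMessage());
        }
    }
}
```

Run with `javac ThrowableUnmarshalDemo.java && java ThrowableUnmarshalDemo`. The point to take away is that the check must sit before newInstance: the damage in this class of bug is done by the constructor of the attacker-chosen class, so validating the type after construction would be too late.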
“To guard against this [threat], organizations must prioritize patching and remediation, especially for any external exposure and those with higher-value assets,” said Ken Dunham, director of Cyber Threat at Qualys.
“Additionally, precautions such as extensive monitoring and log reviews, along with solutions to prevent known TTPs for brute force and known attacks, are recommended until the risk of exploitation is fully remediated.”