Attacks leveraging a critical Apache RocketMQ flaw, tracked as CVE-2023-33246, to deploy the DreamBus botnet and a Monero miner have prompted the inclusion of the bug in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, according to BleepingComputer.
Vulnerable RocketMQ distributed messaging and streaming systems could be targeted by various threat actors to deliver different payloads, said CISA, which noted that the flaw is exploited by using the platform's update configuration function to execute commands as the system user. Federal agencies have been urged to remediate the flaw by Sept. 27.
The advisory comes after VulnCheck researcher Jacob Baines noted that the vulnerability is exploitable because various components of the system are exposed to the internet.
"The RocketMQ broker was never meant to be exposed to the internet. The interface is insecure by design and offers a variety of administrative functions," said Baines, who added that five or more threat actors may already be abusing the bug.