Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
CVE-2023-49070

Disclosure Date: December 05, 2023
Exploited in the Wild
Description

Pre-auth RCE in Apache OFBiz 18.12.09.

It is due to the XML-RPC component, which is no longer maintained but is still present.
This issue affects Apache OFBiz: before 18.12.10.
Users are recommended to upgrade to version 18.12.10.

Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

CVE-2023-49070 is a critical security vulnerability in Apache OFBiz, a comprehensive open-source enterprise resource planning (ERP) system. This vulnerability is classified as a pre-authentication remote code execution (RCE) issue, primarily stemming from an outdated and no longer maintained XML-RPC component in Apache OFBiz. The specific version affected is 18.12.09, and it is recommended that users upgrade to version 18.12.10 to mitigate the risk.

In terms of severity, CVE-2023-49070 has a CVSS v3 Base Score of 9.8, which is considered critical. The CVSS scoring vector for this vulnerability indicates that the vulnerability is network exploitable, requires low attack complexity, no privileges, and no user interaction. It has an impact on confidentiality, integrity, and availability, all rated as high.

Additionally, the Exploit Prediction Scoring System (EPSS) score for CVE-2023-49070 indicates a 50.12% probability of exploitation activity in the next 30 days. ShadowServer is already observing scans being executed using an available PoC for this vulnerability: https://github.com/abdoghazy2015/ofbiz-CVE-2023-49070-RCE-POC. The patch provided for this vulnerability failed to remove the root cause of the issue, and it is advised to update again for CVE-2023-51467 (https://www.openwall.com/lists/oss-security/2023/12/26/3).

Given its critical nature, high likelihood of exploitation, and the potential for significant impact, it’s essential for organizations using Apache OFBiz to address this vulnerability promptly.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • apache

Products

  • ofbiz
