CVE-2023-54342
CriticalSummary
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.
Risk Assessment
This vulnerability poses a serious risk to organizations by allowing attackers to execute code remotely, potentially leading to system takeover. Unsecured instances may be easy targets for cybercriminals.
Recommendation
It is recommended to upgrade to the latest version of Eclipse Equinox OSGi to mitigate this vulnerability. Additionally, access to the OSGi console should be restricted to authorized users, and further security measures such as firewalls should be considered.
Original NVD description (English source)
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.

