March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs
October 13, 2023Rewterz Threat Advisory – Multiple SonicWall GMS and Analytics Products Vulnerabilities
October 13, 2023Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs
October 13, 2023Rewterz Threat Advisory – Multiple SonicWall GMS and Analytics Products Vulnerabilities
October 13, 2023
Severity
High
Analysis Summary
CVE-2023-44981
Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer authentication is enabled. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authorization and allow arbitrary endpoints to join the cluster and begin propagating counterfeit changes.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-44981
Affected Vendors
Apache
Affected Products
- Apache ZooKeeper 3.7.0
- Apache ZooKeeper 3.7.1
- Apache ZooKeeper 3.8.0
- Apache ZooKeeper 3.8.2
- Apache ZooKeeper 3.9.2
Remediation
Upgrade to the latest version of Apache ZooKeeper, available from the Apache Website.