H3-2020-0022

Insecure Java JMX Configuration

Category SECURITY_MISCONFIGURATION
Base Score 9.1

Description

The Java Management Extensions (JMX) service on the server is misconfigured to allow unauthenticated access. JMX is a Java technology that provides tools for managing and monitoring applications and devices. This misconfiguration lets an attacker use the JMX interface without providing any authentication credentials. With unauthenticated access, attackers can potentially use the available MBeans (Managed Beans) to invoke methods and download malicious payloads from an attacker-controlled server, allowing them to execute arbitrary commands on the target system.

Impact

If this misconfiguration is exploited, an attacker can gain full control over the JMX-monitored application. This includes the ability to execute arbitrary code on the affected host, leading to a complete compromise of the system and potentially any sensitive data or critical services it manages.
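The following audit helper is an added example and is not part of this advisory: it checks a JVM command line for the weak combination the finding describes (a remote JMX port enabled with authentication switched off) and shows that weak configuration beside a hardened one. The `com.sun.management.jmxremote.*` property names are the standard JDK ones; the port number, file paths and sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Audit helper for the misconfiguration described above.
# Returns 0 (true) when the command line enables the remote JMX port with
# authentication explicitly disabled; 1 otherwise. The JDK default for
# com.sun.management.jmxremote.authenticate is true, so only an explicit
# "false" turns it off.
jmx_insecure() {
  cmdline="$1"
  # Remote JMX is only reachable over the network when a port is configured.
  echo "$cmdline" | grep -qF -- '-Dcom.sun.management.jmxremote.port=' || return 1
  echo "$cmdline" | grep -qF -- '-Dcom.sun.management.jmxremote.authenticate=false' && return 0
  return 1
}

# Walk the running processes on a Linux host (via /proc) and print the PID of
# every JVM whose command line exposes JMX without authentication.
scan_running_jvms() {
  for f in /proc/[0-9]*/cmdline; do
    cl=$(tr '\0' ' ' 2>/dev/null < "$f") || continue
    case "$cl" in *java*) ;; *) continue ;; esac
    if jmx_insecure "$cl"; then
      pid=${f#/proc/}
      echo "${pid%%/*}"
    fi
  done
}

# Constructed sample command lines: the weak configuration beside the hardened one.
# The hardened form keeps authentication on, points at password/access files
# (paths are placeholders) and enables SSL so credentials are not sent in cleartext.
INSECURE_JVM='java -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -jar app.jar'
HARDENED_JVM='java -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/etc/app/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/etc/app/jmxremote.access -Dcom.sun.management.jmxremote.ssl=true -jar app.jar'
```

Run `scan_running_jvms` on a host to list affected JVMs; the hardened command line is the shape a remediated service should have.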

References