Cyber Resilience

CVE-2023-54342

CriticalPublic PoC

Published: 05 May 2026

Published
05 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0046 36.3th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2023-54342 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2023-54342 is a remote code execution vulnerability in the console interface of Eclipse Equinox OSGi versions 3.8 through 3.18. The flaw stems from the fork command functionality, which allows unauthenticated attackers to execute arbitrary code. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-306 (Missing Authentication for Critical Function).

Unauthenticated remote attackers can exploit this vulnerability by establishing a telnet connection to the exposed OSGi console, completing the telnet handshake, and issuing fork commands. This enables them to download and execute malicious Java code, such as establishing a reverse shell, with low attack complexity and no privileges or user interaction required.

Advisories and related resources, including the Vulncheck advisory at https://www.vulncheck.com/advisories/eclipse-equinox-osgi-console-remote-code-execution and a proof-of-concept exploit at https://www.exploit-db.com/exploits/51878, provide further details on exploitation and potential mitigations.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi…

more

console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Direct unauthenticated RCE via exposed public console (T1190); enables arbitrary command execution including reverse shells via Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2023-54344Shared CWE-306
CVE-2025-52089Shared CWE-306
CVE-2026-39987Shared CWE-306
CVE-2026-35546Shared CWE-306
CVE-2026-4810Shared CWE-306
CVE-2025-53847Shared CWE-306
CVE-2025-61757Shared CWE-306
CVE-2025-68715Shared CWE-306
CVE-2026-21992Shared CWE-306
CVE-2025-26362Shared CWE-306

Affected Assets

Eclipse Equinox OSGi
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the RCE vulnerability in Eclipse Equinox OSGi versions 3.8 through 3.18 by applying vendor patches or upgrading to unaffected versions.

prevent

Prevents remote attackers from reaching the vulnerable OSGi telnet console by monitoring and controlling communications at system boundaries, such as blocking telnet traffic.

prevent

Eliminates the unauthenticated fork command attack surface by disabling the non-essential OSGi console interface.

References