CVE-2023-21554

CRITICAL

CVE-2023-21554 - QueueJumper - MSMQ RCE Check

Title source: metasploit

Exploitation Summary

EIP tracks 6 public exploits for CVE-2023-21554. Public PoCs include those by zoemurmure, 3tternp and leongxudong, as well as the Metasploit module auxiliary/scanner/msmq/cve_2023_21554_queuejumper.

AI-analyzed exploit summary: This PoC exploits CVE-2023-21554, a vulnerability in the Windows Message Queuing (MSMQ) service, by sending malformed packets to trigger a crash in mqsvc.exe. The exploit requires manual IP modification and relies on pre-generated binary payloads.

Description

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Exploits (6)

nomisec WORKING POC 57 stars
by zoemurmure · poc
https://github.com/zoemurmure/CVE-2023-21554-PoC

This PoC exploits CVE-2023-21554, a vulnerability in Windows Message Queuing (MSMQ) service, by sending malformed packets to trigger a crash in mqsvc.exe. The exploit requires manual IP modification and relies on pre-generated binary payloads.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Windows Message Queuing (MSMQ) service
No auth needed
Prerequisites: Network access to target · MSMQ service running on target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 24 stars
by 3tternp · poc
https://github.com/3tternp/CVE-2023-21554

This PoC exploits CVE-2023-21554, a vulnerability in Windows Message Queuing (MSMQ), by sending crafted packets to trigger a crash in the mqsvc.exe process. The exploit establishes a connection, sends connection parameters, and transmits a malformed user message to achieve a DoS condition.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Windows Message Queuing (MSMQ) service
No auth needed
Prerequisites: Network access to the target system · MSMQ service running on the target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 5 stars
by leongxudong · poc
https://github.com/leongxudong/MSMQ-Vulnerability

This repository contains a Python-based PoC for CVE-2023-21554, a critical RCE vulnerability in Microsoft Message Queuing (MSMQ). The exploit sends malformed packets to TCP port 1801 to trigger memory corruption in the mqsvc.exe process.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Message Queuing (MSMQ) on Windows 10/11, Windows Server 2016/2019/2022
No auth needed
Prerequisites: MSMQ service enabled · TCP port 1801 accessible
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by shootweb · poc
https://github.com/shootweb/CVE-2023-21554

This repository contains a Python-based PoC for CVE-2023-21554, targeting Microsoft Message Queuing (MSMQ) on TCP port 1801. The PoC sends a sequence of binary payloads to trigger a DoS condition, with logging for response analysis.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Message Queuing (MSMQ)
No auth needed
Prerequisites: Python 3 · Network access to target port 1801 · Binary payload files
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by Rahul-Thakur7 · poc
https://github.com/Rahul-Thakur7/CVE-2023-21554

This PoC exploits CVE-2023-21554 by sending a sequence of binary payloads to a target IP on port 1801, likely triggering a vulnerability in a network service. The script reads pre-defined binary files and sends them in a specific order to establish a connection and exploit the flaw.

Classification: Working PoC 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Unknown (likely a network service vulnerable to CVE-2023-21554)
No auth needed
Prerequisites: Target IP address · Access to port 1801 · Binary payload files in ./data/
devstral-2 · analyzed Feb 16, 2026

metasploit SCANNER
by Wayne Low, Haifei Li, Bastian Kanbach · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/msmq/cve_2023_21554_queuejumper.rb

This Metasploit module checks for CVE-2023-21554 by sending a crafted MSMQ message with an altered DataLength field to trigger an integer overflow. It detects vulnerability based on the presence of a response from the target system.

Classification: Scanner 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Message Queuing (MSMQ)
No auth needed
Prerequisites: Network access to MSMQ service (port 1801)
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.9545
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE: CWE-20
Status: published
Products (14)
microsoft/windows_10_1607 < 10.0.14393.5850
microsoft/windows_10_1809 < 10.0.17763.4252
microsoft/windows_10_20h2 < 10.0.19042.2846
microsoft/windows_10_21h2 < 10.0.19044.2846
microsoft/windows_10_22h2 < 10.0.19045.2846
microsoft/windows_11_21h2 < 10.0.22000.1817
microsoft/windows_11_22h2 < 10.0.22621.1555
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
microsoft/windows_server_2012
... and 4 more
Published Apr 11, 2023
Tracked Since Feb 18, 2026