CVE-2023-54342
CRITICALEclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution
Title source: cnaDescription
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.
Exploits (1)
exploitdb
WORKING POC
by Andrzej Olchawa_ Milenko Starcik · pythonwebappsmultiple
https://www.exploit-db.com/exploits/51878
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
VulnCheck Advisory: Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution
https://www.vulncheck.com/advisories/eclipse-equinox-osgi-console-remote-code-execution
Scores
CVSS v3
9.8
EPSS
0.0019
EPSS Percentile
40.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (1)
equinox/[OSGi
[3.8 - 3.18]
Published
May 05, 2026
Tracked Since
May 05, 2026