101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl, the oldest Polish Mastodon server. We allow posts of up to 2048 characters.


#vulnerabilityalert


"🚨 Urgent TeamCity Vulnerabilities Alert! Patch Now! 🚨"

JetBrains has just patched critical vulnerabilities in TeamCity On-Premises software, tagged CVE-2024-27198 and CVE-2024-27199, with alarming CVSS scores of 9.8 and 7.3. These flaws allow unauthorized access and potentially full control over TeamCity servers. Versions up to 2023.11.3 are affected; an immediate update to v2023.11.4 is urged. Kudos to Rapid7 for the timely discovery on Feb 20, 2024. Given past abuses by notorious APT groups, securing your systems against such authentication bypasses is crucial to thwart potential supply chain assaults. 🛡️💻

🔗 Source: BleepingComputer

Tags: #JetBrains #TeamCity #CyberSecurity #VulnerabilityAlert #CVE2024-27198 #CVE2024-27199 #Rapid7 #PatchNow #SupplyChainSecurity #AuthenticationBypass #InfoSec

🌍🔐👥

"🚨 Critical Vulnerabilities Alert in ConnectWise Software 🚨"

Two vulnerabilities have been identified in ConnectWise's remote desktop software, ScreenConnect, affecting versions 23.9.7 and prior. The first vulnerability (CVE-2024-1708) is a path-traversal issue allowing potential remote code execution or access to sensitive data, rated with a high severity score of 8.4.

The second (CVE-2024-1709) is an authentication bypass, considered critical with a severity score of 10.0, and is easily exploitable with existing proof-of-concept exploits. ConnectWise has issued updates for cloud-hosted instances, but self-hosted deployments need immediate patching. The exposure is global, with significant concentrations in the United States, and it's expected that cybercriminals and nation-state actors will actively exploit these vulnerabilities.

| CVE Number | Description | CVSS Severity |
| ---- | ---- | ---- |
| CVE-2024-1708 | ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. | 8.4 High |
| CVE-2024-1709 | ConnectWise ScreenConnect 23.9.7 and prior are affected by an authentication bypass using an alternate path or channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | 10.0 Critical |

Professionals using ConnectWise must urgently patch their systems to mitigate these vulnerabilities. The discovery underscores the importance of rigorous security practices in protecting IT infrastructures.

🛡️💻🔐

Tags: #CyberSecurity #VulnerabilityAlert #ConnectWise #CVE2024_1708 #CVE2024_1709 #PatchManagement #ITSecurity #RemoteCodeExecution #PrivilegeEscalation

Source: Unit42 by Palo Alto Networks

Link preview: nvd.nist.gov, "NVD - CVE-2024-1708"

"🚨 2x High Alert: Ivanti's CVE-2024-21888 - Privilege Escalation Vulnerability AND CVE-2024-21893 - Server-Side Request Forgery Vulnerability in the SAML Component of Ivanti Connect Secure 🚨"

A high-severity vulnerability, CVE-2024-21888, has been identified in Ivanti Connect Secure & Ivanti Policy Secure (versions 9.x, 22.x). This vulnerability permits privilege escalation, allowing a user to gain administrative privileges.

A second high-severity vulnerability, CVE-2024-21893, has been discovered in Ivanti Connect Secure and Policy Secure up to versions 9.1R18/22.6R2. This vulnerability affects the SAML component and can be exploited remotely. It allows an attacker to manipulate unknown input, leading to a server-side request forgery issue. There is no publicly available exploit.

A patch has been released to address this vulnerability. Admins are advised to apply patches ASAP and consider a factory reset of devices as an extra precaution.

Tags: #CyberSecurity #VulnerabilityAlert #Ivanti #CVE202421888 #CVE202421893 #PrivilegeEscalation #PatchManagement #InfosecCommunity #SystemAdmins 🔐💻🛡️

Source: Ivanti's Forums, Tenable

Link preview: forums.ivanti.com, "Ivanti Community"

"🔐 Critical RCE Vulnerability in Cisco Unified Communications Products 🚨"

A significant remote code execution (RCE) vulnerability has been identified in multiple Cisco Unified Communications and Contact Center Solutions products. This vulnerability, due to improper processing of user-provided data, could enable unauthenticated attackers to execute arbitrary code with web service user privileges, potentially leading to root access on the affected device. Cisco has released software updates, as there are no workarounds for this vulnerability.

The vulnerability affects a range of Cisco products in their default configurations, including various versions of Unified Communications Manager, Unified Contact Center Enterprise, Unity Connection, and more.

For more details, check the Cisco advisory: Cisco Security Advisory

Additionally, CISA has released an alert urging users and administrators to review Cisco's advisories and apply necessary updates to affected systems.

Tags: #CiscoSecurity #RCE #VulnerabilityAlert #CyberSecurity #InfoSec #PatchManagement #CiscoUC 🛡️🌍💻

Source: Cisco Security Advisory, CISA Advisory

Link preview: Cisco, "Cisco Security Advisory: Cisco Unified Communications Products Remote Code Execution Vulnerability"

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm

"🚨 Critical Zero-Day in Apache OFBiz - A Gateway to Confluence Server Exploits 🚨"

SonicWall's research team has uncovered a critical zero-day vulnerability in Apache OFBiz, a widely used open-source enterprise resource planning system. The flaw, CVE-2023-49070, enables pre-auth remote code execution (RCE), posing a severe risk to organizations. Attackers are leveraging this to find and exploit vulnerable Confluence servers. Users of Apache OFBiz are recommended to upgrade to version 18.12.11 as soon as possible. 🎯💻🔥

This vulnerability, tagged as T1190 (Exploit Public-Facing Application) in the MITRE ATT&CK framework, allows adversaries to execute arbitrary code remotely, potentially leading to full system compromise.

Stay vigilant and patch immediately! 🛡️🚨

Sources: SonicWall Blog, BleepingComputer

Tags: #Cybersecurity #ZeroDay #ApacheOFBiz #RCE #Confluence #PatchManagement #VulnerabilityAlert #MITREATTACK #ExploitPublicFacingApplication 🌍🛡️💡

Link preview: SonicWall, "SonicWall Discovers Critical Apache OFBiz Zero-day - AuthBiz | SonicWall": SonicWall Capture Labs Unveils Critical Authentication Bypass Vulnerability CVE-2023-51467 in Apache OfBiz, impact and patch details.

"⚠️ #HPEOneView Alert! Triple Vulnerability Threat Uncovered ⚠️"

Hewlett Packard Enterprise's OneView Software is under the spotlight with three critical vulnerabilities identified. These flaws can lead to authentication bypass, sensitive data exposure, and even denial of service. If you're using HPE OneView, it's time to patch up! 🛡️

Vulnerabilities:
1️⃣ CVE-2023-30908 – Remote Authentication Bypass: Scored a whopping 9.8 on CVSS, this flaw allows attackers to bypass authentication due to mishandling of user credentials in HPE OneView. Kudos to Sina Kheirkhah (@SinSinology) from the Summoning Team (@SummoningTeam) for reporting this! 🕵️‍♂️

2️⃣ CVE-2022-4304 – Disclosure of Sensitive Information: A timing-based side channel in OpenSSL's RSA Decryption can leak sensitive info. Attackers can exploit this by sending numerous trial decryption messages. 📩

3️⃣ CVE-2023-2650 – Denial of Service: This flaw lies in OpenSSL's OBJ_obj2txt() method, allowing attackers to launch a DoS attack on HPE OneView. 🚫

Impacted? 🤔 Versions prior to the v8.5 and v6.60.05 patches are vulnerable. But don't fret! HPE has released patches for these versions. Head to the HPE Support Center and upgrade ASAP! ⏳

Source: Guru's Article, September 11, 2023

Tags: #Cybersecurity #HPE #VulnerabilityAlert #PatchNow #OpenSSL #DoS #AuthenticationBypass #SensitiveDataLeak #InfoSecCommunity

Link preview: Cyber Security News, "HPE OneView Vulnerability Let Attacker Bypass Authentication": HPE OneView is an integrated IT infrastructure management software that automates IT operations and streamlines infrastructure lifecycle management that includes computing, storage, and networking.