CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

March 8, 2024 at 02:09AM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities catalog due to active exploitation by threat actors. The vulnerability allows for complete server compromise and has been weaponized to deliver ransomware. Users are urged to apply updates immediately.

Key takeaways from the meeting notes are as follows:
– CISA added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
– The vulnerability, tracked as CVE-2024-27198, allows for an authentication bypass bug that enables a complete compromise of a susceptible server by a remote unauthenticated attacker. Another moderate-severity authentication bypass flaw, CVE-2024-27199, allows for a limited amount of information disclosure and system modification.
– Threat actors have been observed weaponizing the flaws to deliver Jasmin ransomware and create rogue user accounts.
– Exploitation attempts of CVE-2024-27198 have been detected from multiple unique IP addresses.
– Users running on-premises versions of the software are advised to apply the updates as soon as possible to mitigate potential threats. Federal agencies are required to patch their instances by March 28, 2024.

Full Article