This week saw some repeat products from previous vulnerability recaps, such as Ivanti Policy Secure and JetBrains TeamCity servers. One of the most notable vulnerabilities for this week is Fortinet’s critical FortiOS issue, which affects Fortinet products that use the affected versions of the network operating system. Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can stay on top of all threats.
February 5, 2024
JetBrains TeamCity Saga Continues with Another Server Vulnerability
Type of vulnerability: Authentication bypass by an unauthenticated attacker.
The problem: JetBrains has discovered yet another vulnerability, affecting multiple TeamCity on-premises servers. This vulnerability can allow an unauthenticated attacker who has HTTP(S) TeamCity server access to bypass authentication checks and gain administrative control of that TeamCity server, according to JetBrains. The vulnerability is tracked as CVE-2024-23917.
The fix: According to JetBrains, the vulnerability affects TeamCity on-prem versions 2017.1 through 2023.11.2. JetBrains fixed it in version 2023.11.3 and continues to encourage users to update servers to the most recent version.
JetBrains also announced that it had already patched TeamCity Cloud Servers and verified that they hadn’t been attacked.
February 6, 2024
Linux Vulnerability Comes on Heels of Last Week’s Announcement
Type of vulnerability: Remote code execution.
The problem: Linux distributions have seen a new vulnerability, a remote code execution in the Shim software Secure Boot process. This code exists in all software that uses Secure Boot, like SUSE, Red Hat, and Debian. The RCE vulnerability is tracked as CVE-2023-40547 and has a severity rating of 8.3. This is not to be confused with last week’s heap-based buffer overflow vulnerability.
Attackers can use man-in-the-middle techniques to exploit the vulnerability. They could also locally exploit CVE-2023-40547 if they had sufficient privileges or could manipulate PXE to chain-load a vulnerable shim bootloader, according to researchers at Eclypsium.
The fix: For mitigation, Red Hat recommends configuring the boot order of the server to ‘disable’ or skipping the network boot process.
Orca Publishes Study on Issues in Azure HDInsight Third Parties
Type of vulnerability: Privilege escalation and denial of service.
The problem: Microsoft Azure’s HDInsight product has multiple third-party services with recently discovered vulnerabilities, including Apache Spark, Kafka, and Hadoop. Orca Security published a blog post about the vulnerabilities — its researchers discovered and reported the issues in Fall 2023, and Microsoft quickly patched them. Orca has now released further research information.
The Apache products had three known vulnerabilities, two potentially leading to privilege escalation and one a potential cause of Regex denial of service. Both vulnerabilities affected authenticated users of Apache Oozie and Apache Ambari.
The fix: Microsoft has released patches for all three vulnerabilities — CVE-2023-36419, CVE-2023-38156, and the Regex DoS vulnerability, which doesn’t have an assigned CVE number.
February 8, 2024
FortiOS Sees Critical Vulnerability in SSL VPN Functionality
Type of vulnerability: Arbitrary code execution by an unauthenticated user.
The problem: Fortinet disclosed a vulnerability in its SSL VPN feature within FortiOS, the operating system that manages its next-generation firewall products. The vulnerability is an out-of-bounds write issue that, when exploited, could permit a remote unauthenticated attacker to execute arbitrary code through specific HTTP requests.
The vulnerability is tracked as CVE-2024-21762 and has a critical severity rating. Fortinet warns that it’s potentially being exploited in the wild.
The fix: Fortinet told users to disable SSL VPN. It also emphasized that ‘disable webmode’ won’t solve the problem and isn’t a legitimate workaround.
Fortinet provides the following upgrade information for affected versions:
- FortiOS 7.4 (versions 7.4.0 through 7.4.2): 7.4.3 or above
- FortiOS 7.2 (versions 7.2.0 through 7.2.6): 7.2.7 or above
- FortiOS 7.0 (versions 7.0.0 through 7.0.13): 7.0.14 or above
- FortiOS 6.4 (versions 6.4.0 through 6.4.14): 6.4.15 or above
- FortiOS 6.2 (versions 6.2.0 through 6.2.15): 6.2.16 or above
- FortiOS 6.0 (all versions of 6.0): Migrate to fixed release of FortiOS
Fortinet also offers upgrade information for FortiProxy.
There’s a New Ivanti Vulnerability in Connect Secure & Policy Secure
Type of vulnerability: Resource access by an unauthenticated attacker.
The problem: Ivanti’s encountered multiple issues the last couple of months, and now a new Connect Secure and Policy Secure vulnerability has reared its head. The vulnerability allows an unauthenticated attacker to access restricted resources through an XML external entity or XXE vulnerability in the SAML component of the affected versions of Policy Secure, Connect Secure, and ZTA gateways.
The vulnerability is tracked as CVE-2024-22024 and has a CVSS severity rating of 8.3.
The fix: Ivanti has released patches for the following product versions:
- Connect Secure 9.1R14.5
- Connect Secure 9.1R17.3
- Connect Secure 9.1R18.4
- Connect Secure 22.4R2.3
- Connect Secure 22.5R1.2
- Connect Secure 22.5R2.3
- Connect Secure 22.6R2.2
- Policy Secure 9.1R17.3
- Policy Secure9.1R18.4
- Policy Secure 22.5R1.2
- ZTA gateway 22.5R1.6
- ZTA gateway 22.6R1.5
- ZTA gateway 22.6R1.7
Read next:
- VulnRecap 2/5/24 — Azure, Apple, Ivanti, & Mastodon at Risk
- 6 Best Vulnerability Management Software & Systems in 2024
- 7 Best Vulnerability Scanning Tools & Software for 2024
