2024 is off to a crazy start in the cybersecurity world! Acquisitions are happening left, right, and center, and new cyber threats are emerging like weeds after a rainstorm. But fear not, security warriors! We’re here to dish on the hottest vulnerabilities that have popped up this January, the kind that will make you say, “Whoa, that’s messed up!” So let’s dig into what’s hot and happening in the world of cyber threats.
The top Vulnerabilities of January 2024 include-
- CVE-2024-23897 – Critical LFI in Jenkins
- CVE-2024-0204 – Critical Authentication Bypass in Fortra
- CVE-2024-21887 – Command Injection Vulnerability
1.CVE-2024-23897 – Critical LFI in Jenkins
First off, CVE-2024-23897 is all about the Jenkins CLI (Command Line Interface) and a critical flaw in how it processes commands. Jenkins, for the uninitiated, is a widely-used automation server, crucial in many software development workflows. Now, here’s the kicker – a seemingly innocent feature in Jenkins’ CLI turns out to be a major security headache. This flaw lets attackers sneak a peek at any files on the Jenkins controller file system, potentially exposing sensitive data and cryptographic keys. The root cause? It boils down to how Jenkins uses the args4j library to process command arguments, especially when there’s an ‘@’ character followed by a file path in an argument.
The root cause? It boils down to how Jenkins uses the args4j library to process command arguments, especially when there’s an ‘@’ character followed by a file path in an argument.
This vulnerability is no joke, with a CVSS score of 9.8, marking it as critical. Why? Well, it opens the door to various attack possibilities, including remote code execution (RCE). This means attackers could run their own code, launch cross-site scripting (XSS) attacks through build logs, uncover secrets, or even mess with your Jenkins setup by deleting stuff or snagging a Java heap dump.
CVE-2024-23897 impacts a range of Jenkins versions, specifically weekly versions up to and including 2.441, and LTS versions up to and including 2.426.2. The impact is huge – remote code execution, information disclosure, and security restriction bypass are just some of the issues on the table.
Now, let’s talk about damage control. Jenkins has rolled out patches in versions 2.442 and LTS 2.426.3, fixing the problem by disabling the vulnerable command parser feature. But here’s the drill – make sure you update your Jenkins instances to these patched versions pronto. If you can’t swing the update right away, think about temporarily blocking access to the Jenkins CLI to keep exploitation at bay.
To wrap it up, CVE-2024-23897 is a solid reminder of the need for regular security checkups and sticking to the best security practices. With Jenkins playing a crucial role in many development pipelines, it’s vital to stay on top of these vulnerabilities and patches.
2. CVE-2024-0204 – Critical Authentication Bypass in Fortra
CVE-2024-0204 is another tricky vulnerability that’s been causing a buzz in the cybersecurity scene. This one’s a critical authentication bypass flaw found in Fortra’s GoAnywhere MFT, and it’s been giving security folks a real run for their money.
Here’s the lowdown: CVE-2024-0204, rocking a hefty CVSS score of 9.8, basically lets unauthorized users stroll in and play pretend as administrators through the administration portal of GoAnywhere MFT. This is happening in versions before 7.4.1, by the way. Picture leaving your front door wide open with a bright neon sign saying, “Come on in!” Now that’s a scary thought, right?
And this isn’t just a small hiccup. It’s a big deal because GoAnywhere MFT is all about securely moving data around, and this flaw just throws all that security out the window. The bug has been chilling in versions from 6.0.1 in the 6.x series up to, but not including, 7.4.1 in the 7.x series. So, if you’re rocking one of those, it’s time to sit up and take notice.
Now for the good news – the folks at Fortra didn’t snooze on this one. They’ve already dropped a fix in version 7.4.1. If you’re still hanging out on an older version, it’s update time, ASAP! And for those on a non-container deployment, there’s a bit of DIY involved – you gotta delete a specific file (InitialAccountSetup.xhtml) in your install directory and give your services a quick restart. For the container crowd, just swap that file with an empty one and restart the services.
Adding to the urgency, there’s some proof-of-concept (PoC) code floating around for this vulnerability. It’s like giving hackers a treasure map with an ‘X’ marking the spot. In the world of cyber threats, a PoC is like an open invitation for trouble.
And just to give you some context, GoAnywhere was a prime target for ransomware groups in 2023. The CL0P ransomware group, for instance, found a zero-day vulnerability in the platform and used it to hold a bunch of organizations to ransom. Once the exploit went public, other bad actors like LOCKBIT joined the party too.
In a nutshell, CVE-2024-0204 is no joke. It’s like a backdoor left wide open for attackers. Patching up and staying alert is the game plan here.
To get details about CVE-2024-0204, visit our VI platform.
3. CVE-2024-21887 – Command Injection Vulnerability
Alright, time for another vulnerability featuring CVE-2024-21887. This nasty bug is hiding in Ivanti Connect Secure and Policy Secure (versions 9.x and 22.x), and it’s a sneaky one. It lets authenticated admins send special requests that, boom, give them magic powers to run any commands they want on the system. Talk about a security nightmare!
Now, on the danger scale, we’re talking a CVSS score of 9.1. In vulnerability language, that’s a big, flashing red alert screaming “CRITICAL”. It’s like finding out your super-secure vault can be popped open with a rubber chicken – not exactly the kind of surprise you want.
Here’s the scoop: this flaw hands an authenticated user way more power than they should have, turning them into a cyber wizard within Ivanti’s world. It sounds cool in a hacker movie, but in real life, it’s a total headache for IT security teams.
The impact? It’s like leaving the keys to the kingdom right out in the open. And with Ivanti being a major player in the secure connectivity and policy management game, that’s a big deal.
So, what’s the plan? If you’re rocking Ivanti Connect Secure or Ivanti Policy Secure in those versions, it’s patching time – and I mean ASAP. This isn’t the kind of vulnerability you casually put on your to-do list. It’s a “stop everything and fix it now” kind of situation.
To get details about CVE-2024-21887, visit our VI platform.
Vulnerabilities skyrocketed, ransomware went rogue, and threat actors upped their game like never before in 2023. Download our FREE CVE & Threat Landscape Report – Download Now