The Biggest Vulnerabilities of 2024 Have Already Happened
A brand new year, so full of promise! A new decade even, certainly we are past the point of vendors shipping software and hardware full of vulnerabilities! Such hope is in vain, however. Here we are, a mere two months in, and some huge security vulnerabilities have already dropped. You don't have to be a white hat to have heard about these three big vulnerabilities:
Critical LFI in Jenkins
Critical Authentication Bypass in Fortra
Command Injection Vulnerability
Maybe they'll go down as the biggest of the year. Only time will tell. Let's do a quick roundup of what's happened already and how you can keep your systems safe.
Critical LFI Vulnerability in Jenkins: Addressing a Significant Security Concern
The cybersecurity landscape in 2024 unveiled a critical vulnerability, denoted as CVE-2024-23897, revolving around the Jenkins CLI (Command Line Interface). Jenkins, a pivotal component in many software development workflows, is the focal point of this security concern.
What appears as a benign feature in Jenkins' CLI turns out to be a substantial security headache, with a CVSS score of 9.8, categorizing it as a critical issue. The root cause lies in how Jenkins handles command arguments, particularly when processing arguments utilizing the args4j library and encountering an '@' character followed by a file path in an argument.
CVE-2024-23897 poses significant threats, including the potential for remote code execution (RCE), enabling attackers to execute their code, initiate cross-site scripting (XSS) attacks via build logs, access sensitive data, or disrupt your Jenkins setup by tampering with files or acquiring a Java heap dump.
This vulnerability casts a wide net, impacting various Jenkins versions, including weekly versions up to and including 2.441, and LTS versions up to and including 2.426.2. The consequences include remote code execution, information disclosure, and security restriction bypass. To safeguard against the CVE-2024-23897 vulnerability and protect your Jenkins environment, consider the following steps:
How to Protect Yourself from Jenkins:
Update Jenkins: Jenkins has acted quickly to address the issue by releasing patches in versions 2.442 and LTS 2.426.3. These updates disable the vulnerable command parser feature. Ensure that you promptly update your Jenkins instances to these patched versions to mitigate the risk.
Temporary CLI Access Block: If immediate updates are not feasible, temporarily block access to the Jenkins CLI. This measure can help minimize the potential for exploitation while you work on implementing the necessary updates.
In conclusion, CVE-2024-23897 serves as a stark reminder of the importance of regular security assessments and adherence to best security practices. Jenkins remains a critical component in numerous development pipelines, making it imperative to stay vigilant and promptly address vulnerabilities and patches to ensure the security of your software development workflows.
Windows BitLocker Vulnerability: Unauthenticated Access Risk
A significant security concern emerged in January 2024 regarding a Windows vulnerability that could bypass the BitLocker Device Encryption feature, particularly affecting the system storage device. This vulnerability allows an attacker with physical access to gain unauthorized access to encrypted data.
The exploit is only possible with the "winre.wim" located on the recovery partition of the device and cannot be triggered using a bootable Windows ISO or USB flash drive. It is essential to follow these steps to ensure your system remains protected against this security vulnerability.
How to Protect Your Windows Machines
To protect your system from this vulnerability, consider the following steps:
1. Check Windows Version: Determine the version of Windows you are using.
2. Update Windows Recovery Environment (WinRE): Depending on your Windows version, you may need to update WinRE to safeguard against this vulnerability.
For certain Windows versions, the WinRE update is fully automated and included in the Latest Cumulative Update.
For other versions, specific updates for WinRE are available to apply the latest Safe OS Dynamic Update.
Alternatively, you can download the latest Windows Safe OS Dynamic Update from the Microsoft Update Catalog and manually apply the WinRE update.
3. TPM+PIN Protection: If you use TPM+PIN BitLocker protectors, the attacker needs to know the TPM PIN to exploit the vulnerability. This offers an additional layer of security.
4. Verify WinRE Update: You can check if WinRE has successfully updated by using the command "DISM /Get-Packages" on a mounted WinRE image. This ensures that the latest Safe OS Dynamic Update package is present.
Cisco Unity Connection: Security Alert
This vulnerability has recently been modified and is currently awaiting reanalysis by the NVD. It poses a significant security risk due to its potential impact.
This vulnerability exists in the web-based management interface of Cisco Unity Connection. It could enable an unauthenticated attacker, who is remote and not authorized, to upload arbitrary files to a vulnerable system and execute commands on the underlying operating system.
The vulnerability arises from a lack of authentication in a specific API and improper validation of user-supplied data. To exploit this vulnerability, an attacker would upload arbitrary files to the affected system.
Successful exploitation of this vulnerability could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate their privileges to root.
How Severe This Vulnerability Is
The severity of this vulnerability is rated as critical, with a CVSS 3.x score of 9.8, which indicates a significant security threat. The NIST CVSS score rates it as CRITICAL, denoting a high level of risk, while the CNA (Cisco Systems, Inc.) Base Score is 7.3, indicating a HIGH level of severity.
However, CVSS scores may vary, and NVD analysts use publicly available information to assign these scores. The potential impact of this vulnerability underscores the importance of prompt attention and remediation.
How to Protect Yourself From Everything
The fix for just about all of these? It's nothing fancy. Patch early and patch often. Especially with any service exposed to the internet, it is so critical that those systems must be monitored and updated, otherwise you might just be rolling out the red carpet for bad actors across the interwebs. Stay safe out there and keep those systems secure!
delivered to your inbox.