The U.S. Cybersecurity and Infrastructure Security Agency (CISA) [1] [3] [6] has issued a warning regarding vulnerabilities in the “Windows CNG Key Isolation Service” and “JetBrains TeamCity” that are currently being exploited [1] [3]. This article provides a detailed description of the vulnerabilities and their potential impacts.

Description

CISA has identified two vulnerabilities, “CVE-2023-42793” and “CVE-2023-28229,” and added them to its Known Exploited Vulnerabilities (KEV) catalog. The first vulnerability, CVE-2023-42793 [1] [2] [3] [4] [5] [6], is a critical authentication bypass vulnerability in JetBrains TeamCity [2] [3] [5]. It allows for remote code execution on the TeamCity Server and has been exploited from 74 unique IP addresses [2]. This vulnerability poses a significant risk, as it could lead to the theft of source code, service secrets, and private keys, as well as the hijacking of build agents and contamination of build artifacts [6].

The second vulnerability, CVE-2023-28229 [1] [2] [3] [4] [5] [6], is a high-severity privilege escalation vulnerability in the Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service [2] [3]. While there are no reports of in-the-wild exploitation [2] [3] [5], a proof-of-concept (PoC) has been made available [2]. This vulnerability enables an attacker to gain specific limited SYSTEM privileges [2]. Microsoft has already patched CVE-2023-28229 and labeled it as “Exploitation Less Likely.”

CISA has also removed five vulnerabilities affecting Owl Labs Meeting Owl from the KEV catalog due to insufficient evidence. However, it is crucial for Federal Civilian Executive Branch (FCEB) agencies to apply the vendor-provided patches for the two newly added vulnerabilities by October 25, 2023 [3].

Conclusion

The vulnerabilities in the “Windows CNG Key Isolation Service” and “JetBrains TeamCity” pose significant risks to organizations. It is essential for US government agencies and other affected parties to address these vulnerabilities promptly. Failure to do so could result in the theft of sensitive information, unauthorized access [4], and potential widespread exploitation [1]. By applying the necessary patches and following recommended security measures, organizations can mitigate the risks associated with these vulnerabilities and protect their systems and data.

References

[1] https://www.security-next.com/149951
[2] http://bssn.esy.es/index.php/2023/10/05/cisa-warns-of-active-exploitation-of-jetbrains-and-windows-vulnerabilities/
[3] https://thehackernews.com/2023/10/cisa-warns-of-active-exploitation-of.html
[4] https://latesthackernews.com/cisa-warns-of-active-exploits-for-jetbrains-and-windows/
[5] https://www.redpacketsecurity.com/cisa-warns-of-active-exploitation-of-jetbrains-and-windows-vulnerabilities/
[6] https://securityonline.info/two-critical-security-vulnerabilities-actively-exploited-cisa-warns/