CVE-2024-27198 is a critical vulnerability discovered in all versions of JetBrains' TeamCity On-Premises continuous integration and continuous delivery (CI/CD) server. The flaw has been exploited by threat actors, notably the BianLian ransomware operation, as part of their cyber arsenal. JetBrains initially disclosed the vulnerability, along with another identified as CVE-2024-27199, in an advisory released on March 4, 2024, urging customers to apply patches immediately.
The BianLian attackers leveraged this vulnerability to gain initial access and move laterally within the network, and their exploitation of the TeamCity flaws exposes supply chain attack risk. Exploitation of these vulnerabilities was first observed on March 12, 2024. Researchers have noted throughout 2023 and into 2024 that these threat actors continue to adapt to the changing environment, demonstrating their capacity to exploit emerging vulnerabilities.
In response to these threats, JetBrains has released fixes for both CVE-2024-27198 and CVE-2024-27199 and strongly encourages users to update their systems promptly. Check Point's IPS blade has also provided protection against these threats. Despite these measures, organizations using JetBrains' TeamCity software must stay vigilant, ensuring that they have applied the necessary patches and are monitoring their networks for any signs of unusual activity.
Description last updated: 2024-03-22T00:05:57.182Z