Lenovo has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.
Users and Administrators are encouraged to review Lenovo Security Advisories dated 7th March 2024 and apply necessary updates.
NetApp has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.
Users and Administrators are encouraged to review NetApp Security Advisories dated 7th March 2024 and apply necessary updates.
HP has released security updates to address vulnerabilities in UC Software. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.
Users and Administrators are encouraged to review HP Security Bulletins HPSBPY03897, HPSBPY03896 and HPSBPY03898 and apply necessary updates.
Advisory No: TZCERT/SA/2024/03/07
Date of First Release: 07th March 2024
Source: FortiGate
Software Affected:
| Version | Affected |
| FortiOS 7.4 | 7.4.0 through 7.4.2 |
| FortiOS 7.2 | 7.2.0 through 7.2.6 |
| FortiOS 7.0 | 7.0.0 through 7.0.13 |
| FortiOS 6.4 | 6.4.0 through 6.4.14 |
| FortiOS 6.2 | 6.2.0 through 6.2.15 |
| FortiOS 6.0 | 6.0.0 through 6.0.17 |
| FortiProxy 7.4 | 7.4.0 through 7.4.2 |
| FortiProxy 7.2 | 7.2.0 through 7.2.8 |
| FortiProxy 7.0 | 7.0.0 through 7.0.14 |
| FortiProxy 2.0 | 2.0.0 through 2.0.13 |
| FortiProxy 1.2 | 1.2 all versions |
| FortiProxy 1.1 | 1.1 all versions |
| FortiProxy 1.0 | 1.0 all versions |
Overview:
An out-of-bounds write vulnerability [CVE-2024-21762] in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
Description:
The flaw is in a network’s security system, potentially allowing unauthorized external access. The vulnerability has a high CVSS score of 9.6 to 9.8, indicating a significant risk level. Reports suggest that this vulnerability could already be exploited in the wild.
Impact:
Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.
Solution:
Users and administrators of affected product versions are advised to update to the latest version immediately.
References:
Advisory No: TZCERT/SA/2024/03/06
Date of First Release: 6th March 2024
Source: JetBrains
Software Affected: TeamCity On-Premises
Overview:
Vulnerabilities exists in JetBrains TeamCity On-Premises software which allows an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server.
CVE-2024-27198 (CVSS base score of 9.8 – Critical): is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288).
CVE-2024-27199 (CVSS base score of 7.3 – High): is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue (CWE-22).
TeamCity Cloud servers have already been patched.
Impact:
Successful exploitation of these vulnerabilities may allow an unauthenticated attacker to bypass the authentication checks and gain administrative control of the TeamCity server.
Solution:
A workaround for these vulnerabilities has been released. Users and administrators are encouraged to
References:
Tanzania Computer Emergency Response Team