CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities


The United States Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws to its Known Exploited Vulnerabilities (KEV) database on Wednesday owing to active exploitation, while eliminating five issues due to a lack of appropriate proof.

The newly added vulnerabilities are as follows: CVE-2023-42793 (CVSS score: 9.8) - Vulnerability in JetBrains TeamCity Authentication Bypass. CVSS 7.0 for CVE-2023-28229 - Vulnerability in Microsoft Windows CNG Key Isolation Service Privilege Escalation.CVE-2023-42793 is a major authentication bypass vulnerability on TeamCity Server that allows for remote code execution. Grey Noise data has identified exploitation attempts targeting the issue from 74 different IP addresses to date.

Read More…