How to Protect Against Remote Code Execution

Explore top LinkedIn content from expert professionals.

  • View profile for Roi Cohen

    CEO & Co-Founder @ Vicarius | MBA, Cybersecurity Expert

    25,502 followers

    🚨 CVE-2024-6409 found in OpenSSH on Red Hat Enterprise Linux 9 This vulnerability impacts OpenSSH versions 8.7p1 and 8.8p1, leading to a signal handler race condition that could allow remote code execution (RCE) through unsafe signal handling similar to CVE-2024-6387 (regreSSHion). Authenticated attackers can exploit this flaw by triggering a SIGALRM signal handler in sshd, leading to potential RCE within the unprivileged user running the sshd server. What you can do: ⚆ Update RHEL: Update your RHEL system to the latest security patches available. ⚆ Monitor and audit: Continuously monitor your systems for unusual activities and perform regular security audits. ⚆ Restrict SSH access: Limit SSH access to trusted IP addresses and use firewall rules to minimize exposure. ⚆ Utilize the following scripts by Vicarius research team: 🔍 Detection script: https://lnkd.in/dfnx6hmJ 🩹 Remediation script: https://lnkd.in/drkNss9f

  • View profile for Peter Makohon

    Global Head of Cyber Threat Management at AIG

    4,019 followers

    CI/CD Pipeline Vulnerability - Jenkins RCE CVE-2024-23897 Jenkins, a widely adopted open-source automation platform, has recently disclosed a critical vulnerability, CVE-2024-23897, that could lead to Remote Code Execution (RCE). This vulnerability has a CVSS score of 9.8, indicating its high severity. ## Technical Details The vulnerability arises from an arbitrary file read issue specifically impacting Jenkins' Command Line Interface (CLI). The CLI, used to access Jenkins from script or shell environments, employs the args4j library to parse commands. A specific parser feature, 'expandAtFiles,' replaces '@' character followed by a file path in an argument with the file's content. This flaw allows unauthenticated remote attackers to read arbitrary files on the Jenkins controller using the CLI. The exposure enables attackers, based on their permission levels, to read entire files or merely the first few lines, potentially revealing sensitive data and cryptographic keys. This vulnerability also extends to the reading of binary files, which, depending on the file’s encoding, could lead to various RCE scenarios. ## Impact on Organizations Jenkins has over 300,000 installations globally, solidifying its position as a leader in the CI/CD space. Therefore, vulnerabilities in Jenkins' core functionality pose a significant risk that must be addressed. If this vulnerability is not patched quickly, it could allow unauthenticated remote attackers to execute arbitrary code on Jenkins controllers. This could lead to unauthorized access to sensitive data, disruption of services, and potentially, full system compromise. Moreover, past incidents have shown how supply chain attacks through software like Jenkins can lead to significant breaches. Therefore, organizations should treat these updates as a priority for any internet-facing Jenkins instances. ## Mitigation Steps Jenkins has released new versions of Jenkins core and several plugins to address this vulnerability. The issue has been addressed in versions 2.442, LTS 2.426.3 by disabling the command parser feature. However, if updating Jenkins immediately is not feasible, administrators can disable access to CLI as a workaround method. It's important to note that this action is not recommended, especially for networks exposed to non-admin users. In addition to applying patches, organizations should regularly monitor and audit systems for unusual activities or signs of compromise. Citations: [1] https://lnkd.in/gCjEgeSR [2] https://lnkd.in/gXvAWv2G [3] https://lnkd.in/giqUcwif

  • View profile for Ashwani Paliwal

    Next-gen agentless Patch & Vulnerability Management Platform | Founder & CEO, SecOps Solution

    7,561 followers

    𝗣𝗮𝘁𝗰𝗵 𝗪𝗲𝗱𝗻𝗲𝘀𝗱𝗮𝘆 𝘄𝗶𝘁𝗵 SecOps Solution (𝟳𝟳/𝟭𝟬𝟬) 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗦𝗵𝗮𝗿𝗲𝗣𝗼𝗶𝗻𝘁 𝗭𝗲𝗿𝗼-𝗗𝗮𝘆 𝗣𝗮𝘁𝗰𝗵𝗲𝘀: 𝗖𝗩𝗘-𝟮𝟬𝟮𝟱-𝟱𝟯𝟳𝟳𝟬 & 𝗖𝗩𝗘-𝟮𝟬𝟮𝟱-𝟱𝟯𝟳𝟳𝟭 This week’s spotlight is on two 𝗮𝗰𝘁𝗶𝘃𝗲𝗹𝘆 𝗲𝘅𝗽𝗹𝗼𝗶𝘁𝗲𝗱 𝘇𝗲𝗿𝗼-𝗱𝗮𝘆 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 in Microsoft SharePoint Server. CVE-2025-53770 carries a 𝗖𝗩𝗦𝗦 𝘀𝗰𝗼𝗿𝗲 𝗼𝗳 𝟵.𝟴 and allows for 𝗿𝗲𝗺𝗼𝘁𝗲 𝗰𝗼𝗱𝗲 𝗲𝘅𝗲𝗰𝘂𝘁𝗶𝗼𝗻 (𝗥𝗖𝗘). Microsoft has confirmed that this vulnerability is already being used in the wild. 𝗜𝗺𝗺𝗲𝗱𝗶𝗮𝘁𝗲 𝗽𝗮𝘁𝗰𝗵𝗶𝗻𝗴 𝗶𝘀 𝗰𝗿𝗶𝘁𝗶𝗰𝗮𝗹. 𝗔𝗳𝗳𝗲𝗰𝘁𝗲𝗱 𝗦𝗵𝗮𝗿𝗲𝗣𝗼𝗶𝗻𝘁 𝗩𝗲𝗿𝘀𝗶𝗼𝗻𝘀 (𝗢𝗻-𝗣𝗿𝗲𝗺𝗶𝘀𝗲𝘀): • SharePoint Server 2016 • SharePoint Server 2019 • SharePoint Subscription Edition Refer to Microsoft advisories for 𝗞𝗕𝟱𝟬𝟬𝟮𝟳𝟱𝟰 and 𝗞𝗕𝟱𝟬𝟬𝟮𝟳𝟱𝟯 for detailed patch info. 𝗠𝗮𝗻𝘂𝗮𝗹 𝗣𝗮𝘁𝗰𝗵 𝗗𝗲𝗽𝗹𝗼𝘆𝗺𝗲𝗻𝘁 𝗦𝘁𝗲𝗽𝘀 1. 𝗗𝗼𝘄𝗻𝗹𝗼𝗮𝗱 𝘁𝗵𝗲 𝗣𝗮𝘁𝗰𝗵 • Search for KB5002754 and KB5002753 on the Microsoft Update Catalog and download the correct .exe files for your system. 2. 𝗜𝗻𝘀𝘁𝗮𝗹𝗹 𝘁𝗵𝗲 𝗣𝗮𝘁𝗰𝗵 • Copy the installer to your SharePoint server. • Double-click the .exe file and follow the installation steps. • Restart the server if prompted. 3. 𝗩𝗮𝗹𝗶𝗱𝗮𝘁𝗲 𝘁𝗵𝗲 𝗜𝗻𝘀𝘁𝗮𝗹𝗹𝗮𝘁𝗶𝗼𝗻 • Go to Control Panel → Programs and Features → View Installed Updates • Ensure the relevant KBs are listed. --- 𝗞𝗲𝘆 𝗖𝗼𝗻𝘀𝗶𝗱𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝘀 • Ensure the patch matches your system architecture, OS, and build version. • Always follow the correct installation sequence. • Check if a system reboot is required and execute it safely to avoid corruption. Want to see the patching process in action? Our walkthrough video demonstrates the deployment using SecOps Solution. #PatchWednesday #SharePoint #CVE202553770 #CVE202553771 #ZeroDay #RCE #CyberSecurity #PatchManagement #Infosec

Explore categories