TeamCity Vulnerabilities Exploited To Perform A Variety Of Malicious Operations

JetBrains disclosed two critical vulnerabilities, CVE-2024-27198 and CVE-2024-27199, in the TeamCity On-Premises platform on March 4, 2024. These vulnerabilities allow attackers to bypass authentication and gain administrative control, leading to malicious activity such as the deployment of ransomware, cryptocurrency miners, Cobalt Strike beacons, and backdoors, and the execution of domain discovery and persistence commands. Public proof-of-concept exploits are already circulating, increasing the risk of widespread exploitation. The urgency of addressing these vulnerabilities is highlighted by the active exploitation observed through telemetry and by the inclusion of CVE-2024-27198 in CISA's Known Exploited Vulnerabilities catalog. Organizations using affected TeamCity servers are advised to update their software promptly to protect their data and systems. Rapid7's analysis reveals the potential for unauthenticated attackers to achieve remote code execution and directory traversal, emphasizing the critical nature of these security flaws and the importance of swift remediation to prevent ransomware attacks and other security breaches.