Description |
This article describes FortiNDR Cloud coverage for the JetBrains TeamCity Authentication Bypass Attack. CVE-2023-42793 is a critical authentication bypass vulnerability that could lead to unauthenticated remote code execution. |
CVE ID |
CVE-2023-42793 (https://nvd.nist.gov/vuln/detail/CVE-2023-42793) |
NDR Cloud Detection Rule |
After exploitation, threat actors will use AnyDesk to perform further actions. Look for suspicious usage of AnyDesk using the following detection:
|
Threat hunting |
FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “JetBrains TeamCity Authentication Bypass Attack” related activities. https://www.fortiguard.com/outbreak-ioc?tag=JetBrains%20TeamCity%20RCE |
Suricata Coverage |
Customers can create custom investigations/detections using the Suricata signatures below:
2048460 -> ET EXPLOIT JetBrains TeamCity Auth Bypass Attempt (CVE-2023-42793)
2048461 -> ET EXPLOIT JetBrains TeamCity Auth Bypass Successful Attempt (CVE-2023-42793) |
Other Fortinet Products |
For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to https://www.fortiguard.com/outbreak-alert/jetbrains-teamcity-rce |
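One way to triage alerts from the two Suricata signatures listed under Suricata Coverage, as an added example (not Fortinet's code): it separates endpoint pairs where only the attempt signature fired from pairs where the successful-attempt signature also fired. It assumes the alerts are available as Suricata EVE JSON lines; the sample events, IP addresses and the `triage` function are constructed for illustration.

```python
import json
from collections import defaultdict

# Signature IDs listed in this article.
SID_ATTEMPT = 2048460  # ET EXPLOIT JetBrains TeamCity Auth Bypass Attempt
SID_SUCCESS = 2048461  # ET EXPLOIT JetBrains TeamCity Auth Bypass Successful Attempt

# Constructed sample EVE JSON lines (documentation IP ranges), not real telemetry.
# SID 9000001 is a made-up unrelated rule; the last line is deliberately truncated.
SAMPLE_EVE = """\
{"timestamp":"2024-01-10T08:15:02+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","alert":{"signature_id":2048460}}
{"timestamp":"2024-01-10T08:15:02+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"203.0.113.7","alert":{"signature_id":2048461}}
{"timestamp":"2024-01-10T09:40:11+0000","event_type":"alert","src_ip":"198.51.100.23","dest_ip":"192.0.2.11","alert":{"signature_id":2048460}}
{"timestamp":"2024-01-10T09:41:00+0000","event_type":"alert","src_ip":"198.51.100.23","dest_ip":"192.0.2.12","alert":{"signature_id":9000001}}
{"timestamp":"2024-01-10T09:42:30+0000","event_type":"http","src_ip":"198.51.100.23","dest_ip":"192.0.2.11"}
{"timestamp":"2024-01-10T09:43:
"""


def triage(eve_lines):
    """Map each endpoint pair to 'successful' or 'attempt-only'."""
    sids_by_pair = defaultdict(set)
    for line in eve_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or corrupt line
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        sid = event.get("alert", {}).get("signature_id")
        if sid not in (SID_ATTEMPT, SID_SUCCESS):
            continue
        # Unordered pair: an alert raised on the response side may report
        # the server as src_ip, so direction is not relied on.
        pair = tuple(sorted((event.get("src_ip", ""), event.get("dest_ip", ""))))
        sids_by_pair[pair].add(sid)
    return {
        pair: "successful" if SID_SUCCESS in sids else "attempt-only"
        for pair, sids in sids_by_pair.items()
    }


if __name__ == "__main__":
    for pair, verdict in sorted(triage(SAMPLE_EVE.splitlines()).items()):
        print(f"{pair[0]} <-> {pair[1]}: {verdict}")
```

Pairs reported as `successful` are the ones to prioritize for incident response and for the follow-on hunting described above.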
Copyright 2024 Fortinet, Inc. All Rights Reserved.