Security Update S-2024-01
Security vulnerabilities were found in two components of the baramundi Management Suite (bMS) during security tests.
The overall risk to the bMS associated with these security vulnerabilities is rated by baramundi as high to critical.
We therefore strongly recommend that you install the update.
baramundi Management Agent
The update for the baramundi Management Agent (bMA) closes a security vulnerability (CVE-2024-6689) that may allow local privilege escalation. We rate this vulnerability as high (CVSS v3.1 score of 7.8), but not critical.
The update is applied by deploying the current bMA to all clients, using the automatic update mechanism for the bMA. The setup file of the new bMA must be stored on the baramundi Management Server (bServer) and on the primary DIP so that the latest version is used. The bMA matching the bMS version must be used.
baramundi Management Server
The update for the baramundi Management Server (bServer) closes a security vulnerability in the server that may allow the storing of arbitrary files and the execution of arbitrary code on the server side. We rate this vulnerability as critical (CVSS v3.1 score of 9.0).
The update is performed by replacing the affected file (bServer.exe).
We have prepared a FixIt tool (S-2024-01.zip) to make the installation process simple. It contains all bMA setup files and bServer files of the supported versions and automatically places the correct versions on the baramundi Server.
We provide a fix for the following versions:
- baramundi Management Suite 2022
- baramundi Management Suite 2022 R2
- baramundi Management Suite 2023
- baramundi Management Suite 2023 R2
The updated files and agents have the following version numbers:
- baramundi Management Suite 2022: 22.1.485
- baramundi Management Suite 2022 R2: 22.2.283
- baramundi Management Suite 2023: 23.1.248
- baramundi Management Suite 2023 R2: 23.2.215
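A check that can be run after the update has been deployed, added here as an example and not part of baramundi's advisory or FixIt tool: it compares reported bMA or bServer version strings against the fixed version numbers listed above. The function name, the sample inventory and the assumption that a file's version resource carries these numbers are illustrative.

```powershell
# Fixed build per release line, taken from the version list in this advisory.
$FixedBuilds = @{
    '22.1' = 485   # baramundi Management Suite 2022
    '22.2' = 283   # baramundi Management Suite 2022 R2
    '23.1' = 248   # baramundi Management Suite 2023
    '23.2' = 215   # baramundi Management Suite 2023 R2
}

# Hypothetical helper: classify one version string against S-2024-01.
function Get-S202401Status {
    param([Parameter(Mandatory)][string]$Version)

    $parsed = $null
    # Accept "22.1.485" as well as a four-part file version such as "22.1.485.0".
    $ok = [version]::TryParse($Version.Trim(), [ref]$parsed)
    if ((-not $ok) -or ($parsed.Build -lt 0)) {
        return 'Unparseable'
    }

    $line = '{0}.{1}' -f $parsed.Major, $parsed.Minor
    if (-not $FixedBuilds.ContainsKey($line)) {
        # The advisory lists no fixed version for this release line,
        # so the script makes no claim in either direction.
        return 'NotListed'
    }
    if ($parsed.Build -ge $FixedBuilds[$line]) {
        return 'Fixed'
    }
    return 'NeedsUpdate'
}

# Constructed sample inventory (computer names and versions are made up).
$inventory = @(
    [pscustomobject]@{ Computer = 'srv-bms';   Component = 'bServer'; Version = '23.2.215.0' }
    [pscustomobject]@{ Computer = 'client-01'; Component = 'bMA';     Version = '23.2.190' }
    [pscustomobject]@{ Computer = 'client-02'; Component = 'bMA';     Version = '22.2.283' }
    [pscustomobject]@{ Computer = 'client-03'; Component = 'bMA';     Version = '21.2.100' }
    [pscustomobject]@{ Computer = 'client-04'; Component = 'bMA';     Version = 'unknown' }
)

$inventory | Select-Object Computer, Component, Version,
    @{ Name = 'Status'; Expression = { Get-S202401Status -Version $_.Version } }

# For a file on disk, pass its version resource instead (path is a placeholder):
# Get-S202401Status -Version (Get-Item '<path-to>\bServer.exe').VersionInfo.FileVersion
```

Entries reported as NeedsUpdate are on a supported release line but below the fixed version; NotListed and Unparseable entries need manual review because the advisory gives no fixed version for them.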