    Ivanti Reports Active Exploitation of Cloud Service Appliance Vulnerabilities

    Ivanti has issued a warning regarding three newly identified security vulnerabilities within its Cloud Service Appliance (CSA), which have been found to be actively exploited by attackers. These zero-day vulnerabilities were utilized along with another previously patched flaw in the CSA, the Utah-based software services provider reported.

    The attackers have exploited these vulnerabilities to perform actions such as bypassing security restrictions, executing arbitrary SQL commands, and achieving remote code execution. Ivanti noted that these vulnerabilities were primarily being exploited on CSA version 4.6 patch 518 and earlier.

    Details of the Vulnerabilities:

    • CVE-2024-9379 (CVSS score: 6.5) – A SQL injection vulnerability in the admin web console of Ivanti CSA versions prior to 5.0.2, which allows a remote authenticated attacker with admin privileges to execute arbitrary SQL commands.
    • CVE-2024-9380 (CVSS score: 7.2) – An operating system command injection flaw in the admin web console of Ivanti CSA before version 5.0.2, allowing remote code execution.
    • CVE-2024-9381 (CVSS score: 7.2) – A path traversal vulnerability in Ivanti CSA prior to version 5.0.2, allowing a remote authenticated attacker to bypass restrictions.

    Additionally, Ivanti has linked these vulnerabilities to CVE-2024-8963 (CVSS score: 9.4), a critical path traversal flaw that was previously patched but has been seen exploited in conjunction with the new vulnerabilities.

    Response and Recommendations:

    Ivanti has corrected its vulnerability documentation to clarify that CVE-2024-9381 is not being actively exploited; a clerical error had initially suggested otherwise. The company urges customers to upgrade to the latest CSA version, 5.0.2, and to review administrative user changes for any signs of compromise. Alerts from endpoint detection and response (EDR) tools should also be monitored.

    This advisory update follows closely after a related security flaw in Ivanti Endpoint Manager was cataloged as a Known Exploited Vulnerability by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), emphasizing the heightened risk environment for Ivanti products.

    CISA has required federal agencies to patch the vulnerabilities CVE-2024-9379 and CVE-2024-9380 by October 30, 2024, reflecting the severity of the risks they pose.

    For ongoing updates and more detailed information, Ivanti customers and IT security professionals are advised to refer to the official Ivanti advisory communications.
