Ivanti has released crucial security updates to address multiple vulnerabilities in its Cloud Services Application (CSA) software, including critical flaws that could allow attackers to bypass authentication and execute remote code. Organizations are urged to update their software immediately to protect their systems.
The Advanced Research Team at CrowdStrike responsibly disclosed these vulnerabilities, enabling Ivanti to develop and release a timely fix.
Critical Vulnerabilities
Ivanti's advisory details three vulnerabilities, the authentication bypass being the most severe:
CVE-2024-11639 describes an authentication bypass vulnerability in the CSA admin web console. This flaw allows remote, unauthenticated attackers to gain administrative access, posing a critical security risk.
It has a severity rating of 10.0 (Critical) and is categorized under CWE-288 (Authentication Bypass Using an Alternate Path or Channel).
CVE-2024-11772 identifies a command injection vulnerability in the admin web console. This vulnerability enables authenticated admin users to execute remote code, jeopardizing system integrity.
It has a severity score of 9.1 (Critical) and is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command).
CVE-2024-11773 outlines a SQL injection vulnerability that allows authenticated admin users to execute arbitrary SQL commands.
This can lead to unauthorized data access or manipulation, significantly compromising system security. It also carries a severity rating of 9.1 (Critical) and is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command).
These vulnerabilities highlight the critical need for timely updates and robust security measures to prevent exploitation.
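The two post-authentication flaws above are instances of CWE-77 and CWE-89, both failures to neutralize special characters in untrusted input. The following Python snippet is an added illustration, not Ivanti's code and unrelated to the CSA implementation; it uses a constructed in-memory SQLite user table and a harmless `echo` command to show each weakness beside its hardened form (parameter binding for SQL, allow-list validation plus an argv list instead of a shell string for commands). The function and table names are hypothetical.

```python
import re
import sqlite3
import subprocess


def setup_db() -> sqlite3.Connection:
    # Constructed sample data standing in for an admin console's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "operator"), ("carol", "viewer")],
    )
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # CWE-89: the caller-controlled string becomes part of the SQL text itself,
    # so a quote in the input changes the query's structure.
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_user_hardened(conn: sqlite3.Connection, name: str) -> list:
    # Parameter binding: the value travels separately from the query text and
    # can never be parsed as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Allow-list for a hostname-like argument (hypothetical policy for this example).
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def echo_host_vulnerable(host: str) -> str:
    # CWE-77: shell=True hands the whole string to /bin/sh, so ';', '|', '$()'
    # and friends in the input are interpreted as shell syntax.
    result = subprocess.run(
        f"echo {host}", shell=True, capture_output=True, text=True
    )
    return result.stdout


def echo_host_hardened(host: str) -> str:
    # Reject anything outside the allow-list, then pass the value as a single
    # argv element with no shell in the path, so it is never re-parsed.
    if not HOST_RE.match(host):
        raise ValueError(f"rejected host argument: {host!r}")
    result = subprocess.run(["echo", host], capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    db = setup_db()
    probe = "x' OR '1'='1"
    print("vulnerable SQL rows:", len(lookup_user_vulnerable(db, probe)))
    print("hardened SQL rows:  ", len(lookup_user_hardened(db, probe)))
    print("hardened echo:", echo_host_hardened("host.example").strip())
```

The vulnerable SQL lookup returns every row for the probe string because the injected `OR` rewrites the `WHERE` clause, while the bound-parameter version returns nothing; the hardened command wrapper refuses the same class of input before any process is spawned. In review, the two things to look for are string concatenation into query or command text and any use of `shell=True` with externally supplied data.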
Impact and Affected Systems
These vulnerabilities affect all versions of Ivanti CSA prior to version 5.0.3. While Ivanti has stated that there are no known instances of these flaws being exploited in the wild, the company strongly urges customers to upgrade to version 5.0.3 immediately.
“We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program.”
“The security of our customers is our top priority,” Ivanti said. “We have worked quickly to address these vulnerabilities and provide a secure update for our users.”
Security experts emphasize the severity of these vulnerabilities, particularly the authentication bypass flaw. “A CVSS score of 10.0 is as critical as it gets,” noted security researchers. “Organizations should treat this update with the highest priority.”
The disclosure came through Ivanti’s responsible disclosure program, highlighting the importance of collaboration between security researchers and software vendors in maintaining cybersecurity standards.
Ivanti has established support channels through its Success Portal for customers who require assistance with the upgrade process or have additional questions about these vulnerabilities.