Ivanti CSA Vulnerabilities Let Attackers Gain Admin Access


 Ivanti has issued critical software updates to address several severe vulnerabilities in its Cloud Services Application (CSA).

These vulnerabilities tracked as CVE-2024-11639, CVE-2024-11772, and CVE-2024-11773, affect CSA versions 5.0.2 and earlier.

Without mitigation, these flaws could allow malicious attackers to bypass authentication, execute remote code, and manipulate databases, posing significant risks to organizations relying on CSA for endpoint management.

– Advertisement –
SIEM as a Service

Vulnerability Details

CVE-2024-11639: Authentication Bypass

This critical vulnerability has been assigned a CVSS score of 10.0. It allows an unauthenticated attacker to bypass authentication mechanisms in the admin web console of CSA.

Exploiting this flaw grants the attacker full administrative access, potentially enabling them to take complete control of the system. The vulnerability is particularly dangerous because it does not require any prior privileges or user interaction.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

CVE-2024-11772: Command Injection

With a CVSS score of 9.1, this vulnerability impacts administrators who already have elevated privileges on the CSA console.

It allows an attacker to execute arbitrary commands remotely via command injection, potentially leading to remote code execution.

While this flaw requires authenticated access, exploiting it could result in serious damage to system integrity and functionality.

CVE-2024-11773: SQL Injection

This critical vulnerability also rated 9.1 on the CVSS scale, enables attackers with admin privileges to perform SQL injection on the system.

By exploiting this flaw, malicious actors can execute arbitrary SQL queries, which may compromise the confidentiality, integrity, or availability of the system’s databases.

This could result in unauthorized access to sensitive information or disruption of database operations.

Affected Versions

The following table outlines the impacted and resolved versions of CSA:

Product Impacted Version(s) Resolved Version Patch Availability
Ivanti Cloud Services Application 5.0.2 and earlier 5.0.3 Available on the Ivanti Download Portal

Ivanti strongly advises all customers using CSA 5.0.2 or earlier to upgrade to version 5.0.3 immediately.

The patched version is available for download from the Ivanti Download Portal. Customers can refer to the documentation titled “Get Started with the Ivanti Cloud Service Application 5.0 for Endpoint Manager” for detailed instructions on the upgrade process.

Ivanti stated that, as of the disclosure date, there is no known evidence that these vulnerabilities have been exploited in the wild.

However, given the critical nature of CVE-2024-11639, which allows unauthenticated administrative access, the potential for exploitation remains high.

Organizations should prioritize this update to safeguard their systems and prevent potential unauthorized access or data breaches.

These vulnerabilities underscore the importance of timely patch management and proactive security measures.

Ivanti’s quick response in addressing these issues highlights its commitment to protecting customers. Users are urged to act immediately to ensure their systems remain secure.

Investigate Real-World Malicious Links,Malware & Phishing Attacks With ANY.RUN - Try for Free



Source link