Ivanti has warned about a critical vulnerability in its Cloud Services Appliance (CSA) 4.6, which has been actively exploited in attacks.
The vulnerability, identified as CVE-2024-8963, is a path traversal flaw that allows remote unauthenticated attackers to access restricted functionality.
When combined with another high-severity vulnerability, CVE-2024-8190, attackers can bypass admin authentication and execute arbitrary commands on the appliance.
The affected versions of CSA 4.6 are all versions before Patch 519. Ivanti has released Patch to address the vulnerability, but since CSA 4.6 has reached its end-of-life status, the company strongly recommends upgrading to CSA 5.0 for continued support.
Meet the CISOs, Join the Virtual Panel to Learn compliance – Join Free
CSA 5.0 is the only supported version of the product and is not affected by this vulnerability.
Ivanti has confirmed that this vulnerability has exploited a limited number of customers.
The company recommends reviewing the CSA for modified or newly added administrative users and reviewing EDR alerts to detect any potential exploitation attempts.
If a compromise is suspected, Ivanti recommends rebuilding the CSA with Patch 519 and upgrading to CSA 5.0, where possible.
To mitigate the risk, Ivanti also recommends ensuring dual-homed CSA configurations with eth0 as an internal network and using a layered approach to security, including installing an EDR tool on the CSA.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the Ivanti CSA vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the fixes by October 4, 2024.
Ivanti has provided additional guidance and resources for customers, including a patch download link and a success portal for logging cases and requesting calls.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial