Advisory

Ivanti reports of another actively exploited Cloud Services Appliance (CSA) flaw

Take action: Another reminder - if you are running Ivanti Cloud Services Appliance, update to the latest 4.6 patch (patch 519) immediately. Then plan to replace it with a 5.0 version, since 4.6 is end of life - this is the second critical flaw found in quick succession. There will be others, and you won't get a patch.


Learn More

Ivanti has disclosed a critical security vulnerability in its Cloud Services Appliance (CSA) that has been actively exploited in targeted attacks against a limited number of customers.

This vulnerability is tracked as CVE-2024-8963 (CVSS score 9.4). It is a path traversal flaw that could allow a remote, unauthenticated attacker to access restricted functionality on vulnerable systems.

Attackers can combine this vulnerability with a previously disclosed command injection flaw, CVE-2024-8190, to bypass admin authentication and execute arbitrary commands on the affected appliance.

Affected platform: Ivanti CSA 4.6. This version is no longer supported, as it has reached End-of-Life (EOL) status. Customers using this version are urged to upgrade to CSA 5.0, which is not impacted by this vulnerability and continues to receive patches and support.

Ivanti has confirmed that a limited number of customers have already been exploited through this vulnerability. The company discovered the issue during its investigation into the exploitation of CVE-2024-8190. Although patch 519, released on September 10, 2024, incidentally addressed CVE-2024-8963 by removing the affected functionality, the vulnerability itself was only officially identified on September 13, 2024.

Ivanti strongly advises customers to upgrade from CSA 4.6 to CSA 5.0, as it is the only version that continues to receive support and security patches. For those using CSA 4.6, Ivanti recommends applying patch 519, which was released on September 10, 2024, and rebuilding the CSA to mitigate the vulnerability.
