Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Avatar
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated
[[{“value”:”

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild.

The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said.

Successful exploitation of these vulnerabilities could allow an authenticated attacker with admin privileges to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution.

“We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963,” the company said.

There is no evidence of exploitation against customer environments running CSA 5.0. A brief description of the three shortcomings is as follows –

CVE-2024-9379 (CVSS score: 6.5) – SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements
CVE-2024-9380 (CVSS score: 7.2) – An operating system (OS) command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution
CVE-2024-9381 (CVSS score: 7.2) – Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

The attacks observed by Ivanti involve combining the aforementioned flaws with CVE-2024-8963 (CVSS score: 9.4), a critical path traversal vulnerability that allows a remote unauthenticated attacker to access restricted functionality.

Ivanti said it discovered the three new flaws as part of its investigation into the exploitation of CVE-2024-8963 and CVE-2024-8190 (CVSS score: 7.2), another now-patched OS command injection bug in CSA that has also been abused in the wild.

Besides updating to the latest version (5.0.2), the company is recommending users to review the appliance for modified or newly added administrative users to look for signs of compromise, or check for alerts from endpoint detection and response (EDR) tools installed on the device.

The development comes less than a week after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Ivanti Endpoint Manager (EPM) that was fixed in May (CVE-2024-29824, CVSS score: 9.6) to the Known Exploited Vulnerabilities (KEV) catalog.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

Next Post

CYBERX INDIA SUMMIT & AWARDS

Related Posts

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China. "
Avatar
Read More