Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Avatar
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said. Successful exploitation of these vulnerabilities could allow an authenticated
[[{“value”:”

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild.

The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said.

Successful exploitation of these vulnerabilities could allow an authenticated attacker with admin privileges to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution.

“We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963,” the company said.

There is no evidence of exploitation against customer environments running CSA 5.0. A brief description of the three shortcomings is as follows –

CVE-2024-9379 (CVSS score: 6.5) – SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements
CVE-2024-9380 (CVSS score: 7.2) – An operating system (OS) command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution
CVE-2024-9381 (CVSS score: 7.2) – Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

The attacks observed by Ivanti involve combining the aforementioned flaws with CVE-2024-8963 (CVSS score: 9.4), a critical path traversal vulnerability that allows a remote unauthenticated attacker to access restricted functionality.

Ivanti said it discovered the three new flaws as part of its investigation into the exploitation of CVE-2024-8963 and CVE-2024-8190 (CVSS score: 7.2), another now-patched OS command injection bug in CSA that has also been abused in the wild.

Besides updating to the latest version (5.0.2), the company is recommending users to review the appliance for modified or newly added administrative users to look for signs of compromise, or check for alerts from endpoint detection and response (EDR) tools installed on the device.

The development comes less than a week after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Ivanti Endpoint Manager (EPM) that was fixed in May (CVE-2024-29824, CVSS score: 9.6) to the Known Exploited Vulnerabilities (KEV) catalog.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

Next Post

CYBERX INDIA SUMMIT & AWARDS

Related Posts

FCC Launches ‘Cyber Trust Mark’ for IoT Devices to Certify Security Compliance

The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the U.S. Federal Communications Commission (FCC) said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear
Avatar
Read More

Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users

Google's cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security. "We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025," Mayank Upadhyay, vice president of engineering and distinguished engineer at
Avatar
Read More