Exploited Vulnerabilities in Ivanti Cloud Services Appliance (CSA)
Summary
Critical vulnerabilities could allow an attacker to bypass admin authentication and execute arbitrary commands on the appliance
Affected platforms
The following platforms are known to be affected:
Threat details
Affected version has reached End-of-Life (EOL)
Ivanti Cloud Services Appliance (CSA) 4.6 is End-of-Life (EOL) and no longer receives patches for OS or third-party libraries. Please refer to Ivanti Endpoint Manager and Ivanti Endpoint Manager Security Suite and Ivanti Cloud Service Application (CSA) - End-of-Life (EOL) for the updated End-of-Life (EOL) dates matrix.
CSA 5.0 is the only supported version of the product and is not affected by these vulnerabilities.
Introduction
Ivanti has released security advisories addressing two vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). The Ivanti CSA is an Internet appliance that provides secure communication and functionality over the Internet. It falls under the primary product of Ivanti Endpoint Manager, but security fixes are maintained separately.
- CVE-2024-8963 is a critical vulnerability with a CVSSv3 score of 9.4 that could allow a remote unauthenticated attacker to access restricted functionality.
- CVE-2024-8190 is a high severity vulnerability with a CVSSv3 score of 7.2 that could lead to unauthorised access to the device running the CSA.
Chained together, the two vulnerabilities can allow an attacker to achieve remote code execution (RCE) on the appliance.
Exploitation of CVE-2024-8190 & CVE-2024-8963
Active exploitation of CVE-2024-8190 and CVE-2024-8963 has been observed in the wild.
Remediation advice
Affected organisations are strongly encouraged to review Security Advisory Ivanti CSA 4.6 (Cloud Services Appliance) (CVE-2024-8963) and Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190) for guidance on applying any relevant security updates.
Last edited: 20 September 2024 2:19 pm