Ivanti has disclosed that a recently patched security flaw in its Cloud Service Appliance (CSA) is being actively exploited in the wild. The vulnerability, identified as CVE-2024-8190, allows remote code execution under specific conditions and has a CVSS score of 7.2.
Key Takeaways
Vulnerability Details: The flaw, CVE-2024-8190, is an OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier.
Exploitation Requirements: Exploitation requires admin-level privileges and impacts Ivanti CSA 4.6, which has reached end-of-life status.
Patch Information: The vulnerability has been addressed in CSA 4.6 Patch 519, but customers are urged to upgrade to Ivanti CSA 5.0 for continued support.
Active Exploitation: Ivanti has confirmed that the flaw is being actively exploited in the wild, targeting a limited number of customers.
CISA Involvement: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Vulnerability Details
The high-severity vulnerability, CVE-2024-8190, allows a remote authenticated attacker to execute arbitrary code on the affected system. The flaw exists in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier. To exploit this vulnerability, the attacker must have admin-level privileges.
Patch and Upgrade Recommendations
Ivanti has addressed the vulnerability in CSA 4.6 Patch 519. However, since Ivanti CSA 4.6 has reached end-of-life status, this will be the last fix backported for this version. Customers are strongly advised to upgrade to Ivanti CSA 5.0, which does not contain this vulnerability and is the only supported version moving forward.
Active Exploitation and CISA Advisory
On Friday, Ivanti updated its advisory to confirm that the vulnerability is being actively exploited in the wild, affecting a limited number of customers. While specific details about the attacks and the threat actors involved have not been disclosed, it is noteworthy that other Ivanti product vulnerabilities have been exploited by China-nexus cyberespionage groups.
In response to the active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-8190 to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are required to apply the necessary fixes by October 4, 2024.
Related Vulnerabilities
The disclosure of CVE-2024-8190 coincides with a detailed technical analysis by cybersecurity company Horizon3.ai of another critical vulnerability, CVE-2024-29847. This deserialization vulnerability in Endpoint Manager (EPM) has a CVSS score of 10.0 and also results in remote code execution.
The active exploitation of CVE-2024-8190 underscores the importance of timely patching and upgrading to supported software versions. Organizations using Ivanti CSA 4.6 are urged to apply the latest patch or upgrade to CSA 5.0 to mitigate potential risks.
Staying ahead of cyber threats requires constant vigilance and cutting-edge solutions. BetterWorld Technology provides comprehensive cybersecurity services that protect your business from data breaches, ransomware, and other cyberattacks. Our team offers proactive monitoring, threat detection, and rapid incident response to ensure your systems remain secure and your data is safe. Book a consultation with us now and let BetterWorld Technology strengthen your cybersecurity posture and defend your business from the ever-evolving threat landscape.
Sources
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability, The Hacker News.