Ivanti has issued a warning regarding three critical vulnerabilities in its Cloud Service Appliance (CSA) that are currently being exploited in the wild. These zero-day flaws, which allow attackers to bypass restrictions and execute arbitrary code, pose significant risks to users running outdated versions of the software.
Key Takeaways
Three critical vulnerabilities identified: CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381.
Successful exploitation could lead to SQL injection, remote code execution, and privilege escalation.
Users are urged to update to CSA version 5.0.2 and review administrative access.
Overview Of The Vulnerabilities
Ivanti's recent findings reveal that the vulnerabilities are being exploited in conjunction with a previously patched flaw (CVE-2024-8963). The company has identified the following vulnerabilities:
CVE-2024-9379 (CVSS score: 6.5): SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2, allowing remote authenticated attackers to run arbitrary SQL statements.
CVE-2024-9380 (CVSS score: 7.2): An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2, enabling remote authenticated attackers to obtain remote code execution.
CVE-2024-9381 (CVSS score: 7.2): Path traversal vulnerability in Ivanti CSA before version 5.0.2, allowing remote authenticated attackers to bypass restrictions.
Exploitation Details
The attacks observed by Ivanti involve chaining the newly discovered vulnerabilities with CVE-2024-8963, which has a CVSS score of 9.4. This critical path traversal vulnerability allows remote unauthenticated attackers to access restricted functionality, significantly increasing the risk of exploitation.
Recommendations For Users
To mitigate the risks associated with these vulnerabilities, Ivanti recommends the following actions:
Update to the latest version (5.0.2) of the Cloud Service Appliance.
Review the appliance for any modified or newly added administrative users to identify potential signs of compromise.
Check for alerts from endpoint detection and response (EDR) tools installed on the device.
Recent Developments
This alert comes shortly after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw affecting Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, CVE-2024-29824, was fixed in May and has a CVSS score of 9.6, highlighting the ongoing security challenges faced by Ivanti users.
The active exploitation of these vulnerabilities underscores the importance of maintaining up-to-date software and vigilant security practices. Users of Ivanti CSA are strongly encouraged to take immediate action to protect their systems from potential attacks.
Sources
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited, The Hacker News.