TLDR:
- Ivanti warns of a critical Cloud Services Appliance (CSA) flaw being exploited in attacks
- Threat actors are exploiting the CVE-2024-8963 admin bypass vulnerability to access restricted functionality

Ivanti Warns of Another Critical CSA Flaw Exploited in Attacks

Today, Ivanti issued a warning about threat actors exploiting a Cloud Services Appliance (CSA) security flaw, tracked as CVE-2024-8963, in attacks targeting a limited number of customers. This flaw is an admin bypass vulnerability caused by a path traversal weakness, allowing remote unauthenticated attackers to access restricted functionality on vulnerable CSA systems.
Attackers are chaining CVE-2024-8963 with CVE-2024-8190, a high-severity CSA command injection bug, to bypass admin authentication and execute arbitrary commands on unpatched appliances. Ivanti advises administrators to review alerts from endpoint detection and response (EDR) tools and modify administrative user access privileges to detect and prevent exploitation attempts.
Federal agencies have been urged by CISA to patch vulnerable appliances within a specific timeframe. Ivanti emphasizes the importance of upgrading to CSA 5.0 to address the vulnerabilities effectively and ensure system security.
In recent months, Ivanti has faced multiple zero-day vulnerabilities in attacks targeting various products. The company is improving its scanning capabilities and responsible disclosure process to address security issues promptly.