Ivanti alerts on exploited CSA vulnerability in recent cyber attacks

September 20, 2024




Article Summary

TLDR:

  • Ivanti warns of critical Cloud Services Appliance (CSA) flaw being exploited in attacks
  • Threat actors are exploiting CVE-2024-8963 admin bypass vulnerability to access restricted functionality

Ivanti Warns of Another Critical CSA Flaw Exploited in Attacks

Today, Ivanti issued a warning about threat actors exploiting a Cloud Services Appliance (CSA) security flaw, tracked as CVE-2024-8963, in attacks targeting a limited number of customers. This flaw is an admin bypass vulnerability caused by a path traversal weakness, allowing remote unauthenticated attackers to access restricted functionality on vulnerable CSA systems.

Attackers are chaining CVE-2024-8963 with CVE-2024-8190, a high-severity CSA command injection bug, to bypass admin authentication and execute arbitrary commands on unpatched appliances. Ivanti advises administrators to review alerts from endpoint detection and response (EDR) tools and modify administrative user access privileges to detect and prevent exploitation attempts.

Federal agencies have been urged by CISA to patch vulnerable appliances within a specific timeframe. Ivanti emphasizes the importance of upgrading to CSA 5.0 to address the vulnerabilities effectively and ensure system security.

In recent months, multiple Ivanti zero-day vulnerabilities have been exploited in attacks targeting various products. The company is improving its scanning capabilities and responsible disclosure process to address security issues promptly.

