3 More Ivanti Cloud Vulns Exploited in the Wild

  /     /     /  
Publicated : 23/11/2024   Category : security

3 More Ivanti Cloud Vulns Exploited in the Wild


The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendors Cloud Services Appliance (CSA).


In the latest wrinkle of what seems to be an
ongoing saga of vulnerability concerns
, Ivanti is notifying customers of three additional vulnerabilities found in its
Cloud Services Appliance
(CSA) that are being
exploited in the wild
.
There is
limited exploitation
of the vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) according to the vendor, which are being chained individually with a previously disclosed zero-day vulnerability (
CVE-2024-8963
) found in Ivantis CSA.
CVE-2024-9379 has a CVSS rating of 6.5 and allows a remote authenticated attacker with privileges to run SQL statements. CVE-2024-9380, with a CVSS score of 7.2, is an operating system command injection vulnerability in Ivanti CSA that can allow a remote authenticated attacker to obtain remote code execution with admin privileges. And lastly, CVE-2024-9381, carrying a CVSS score of 7.2, is a path traversal in Ivanti CSA before version 5.0 and allows a remote authenticated attacker to bypass restrictions with admin privileges.
The bugs were found on systems running CSA 4.6 patch 518 and prior, and there is no evidence of exploitation on any environments running CSA 5.0.
Ivanti recommends reviewing the CSA for modified or newly added administrative users, said Ivanti in its user recommendations for checking compromised devices. We also recommend reviewing EDR alerts, if you have installed EDR or other security tools on your CSA. As this is an edge device, Ivanti strongly recommends using a layered approach to security and installing an EDR tool on the CSA.
Should a user suspect that they have been compromised, its recommended they rebuild their CSA with version 5.0.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
3 More Ivanti Cloud Vulns Exploited in the Wild