Ivanti's Cloud Service Appliance Attacked via Second Vuln

Published: 23/11/2024   Category: security



The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).



Less than two weeks after patching one flaw, Ivanti announced on Sept. 19 that a second, critical Cloud Services Appliance (CSA) vulnerability is being exploited in the wild.
The vulnerability (CVE-2024-8963, CVSS 9.4) is a path traversal in Ivanti CSA that allows a remote, unauthenticated attacker to access restricted functionalities. Attackers have chained it to the previously disclosed flaw, CVE-2024-8190, which is a high-severity OS command injection flaw that can allow unauthorized access to devices. The chain can be exploited for remote code execution (RCE), if the attacker has admin-level privileges.
If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker can bypass admin authentication and execute arbitrary commands on the appliance, the enterprise said.
The news comes during an ongoing series of security issues Ivanti has faced since 2023.
Just this year alone, Ivanti has faced flaw after flaw; in February, the Cybersecurity and Infrastructure Security Agency (CISA) ordered Ivanti VPN appliances be disconnected, rebuilt, and reconfigured in 48 hours, after there were concerns that multiple threat actors were exploiting security flaws found in the systems.
In April, foreign nation-state hackers took advantage of vulnerable Ivanti gateway devices and attacked MITRE, breaking its 15-year streak of being incident free. And MITRE wasn’t alone in this, as thousands of Ivanti VPN instances were compromised due to two unpatched zero-day vulnerabilities.
And in August, Ivanti's Virtual Traffic Manager (vTM) harbored a critical vulnerability that could have led to authentication bypass and creation of an administrator user without the patch that the enterprise provided.
These known but unpatched vulnerabilities have emerged as a favorite target for attackers because they are easy to exploit and oftentimes organizations have no idea that devices with EOL systems are still running in their network, Greg Fitzgerald, co-founder of Sevco Security, said in an emailed statement to Dark Reading.
To mitigate this threat, Ivanti recommends that its customers upgrade the Ivanti CSA 4.6 to CSA 5.0. They can also update CSA 4.6 Patch 518 to Patch 519; however, this product has entered end of life, so it's recommended to upgrade to CSA 5.0 instead.
In addition to this, Ivanti recommends that all customers ensure dual-homed CSA configurations with eth0 as an internal network.
Customers should review the CSA for modified or newly added administrators if they are concerned that they may have been compromised. If users have endpoint detection and response (EDR) installed, it's recommended to review those alerts as well.
Users can request help or ask questions by logging a case or requesting a call through Ivanti's Success Portal.
