Ivantis Cloud Service Appliance Attacked via Second Vuln

The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).

Less than two weeks after patching one flaw, Ivanti announced on Sept. 19 that a second, critical Cloud Services Appliance (CSA) vulnerability is being exploited in the wild.
The vulnerability (
CVE-2024-8963
, CVSS 9.4) is a path traversal in Ivanti CSA that allows a remote, unauthenticated attacker to access restricted functionalities. Attackers have chained it to the previously disclosed flaw,
CVE-2024-8190
, which is a high-severity OS command injection flaw that can allow unauthorized access to devices. The chain can be exploited for remote code execution (RCE), if the attacker has admin-level privileges.
If CVE-2024-8963 is used in conjunction with
CVE-2024-8190
an attacker can bypass admin authentication and execute arbitrary commands on the appliance, the enterprise said.
The news comes during an ongoing series of security issues Ivanti has faced since 2023.
Just this year alone, Ivanti has faced flaw after flaw; in February, the Cybersecurity and Infrastructure Security Agency (CISA)
ordered Ivanti VPN
appliances be disconnected, rebuilt, and reconfigured in 48 hours, after there were concerns that multiple threat actors were exploiting security flaws found in the systems.
In April, foreign nation-state hackers took advantage of vulnerable Ivanti gateway devices and
attacked MITRE
, breaking its 15-year streak of being incident free. And MITRE wasn’t alone in this, as
thousands of Ivanti VPN instances
were compromised due to two unpatched zero-day vulnerabilities.
And in August,
Ivantis Virtual Traffic Manager (vTM)
harbored a critical vulnerability that could have led to authentication bypass and creation of an administrator user without the patch that the enterprise provided.
These known but unpatched vulnerabilities have emerged a favorite target for attackers because they are easy to exploit and oftentimes organizations have no idea that devices with EOL systems are still running in their network, Greg Fitzgerald, co-founder of Sevco Security, said in an emailed statement to Dark Reading.
To mitigate this threat, Ivanti recommends that its customers upgrade the Ivanti CSA 4.6 to CSA 5.0. They can also update CSA 4.6 Patch 518 to Patch 519; however, this product has entered end of life, so its recommended to upgrade to CSA 5.0 instead.
In addition to this, Ivanti recommends that all customers ensure dual-homed CSA configurations with eth0 as an internal network.
Customers should review the CSA for modified or newly added administrators if they are concerned that they may have been compromised. If users have endpoint detection and response (EDR) installed, its recommended to review those alerts as well.
Users can request help or ask questions by logging a case or requesting a call through Ivantis Success Portal.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Ivantis Cloud Service Appliance Attacked via Second Vuln