September 20, 2024 at 04:36AM
Ivanti announced the exploitation of two vulnerabilities in its Cloud Services Appliance (CSA): CVE-2024-8190 and CVE-2024-8963. The flaws allow unauthorized access and arbitrary command execution on devices. CSA 4.6 Patch 519 and CSA 5.0 address the vulnerabilities, with the latter recommended due to the end of life for 4.6. CISA has added CVE-2024-8963 to its Known Exploited Vulnerabilities Catalog.
From the meeting notes, I have gathered the following key points:
1. There have been multiple instances of exploitation of vulnerabilities in Ivanti Cloud Services Appliance (CSA), specifically CVE-2024-8190 and CVE-2024-8963.
2. Exploitation of CVE-2024-8190 requires admin-level privileges and can lead to remote code execution.
3. CVE-2024-8963 is a critical path traversal issue that allows remote, unauthenticated attackers to access restricted functionality.
4. CSA 4.6 Patch 519 and CSA 5.0 address the vulnerabilities, with version 4.6 reaching end of life and no longer receiving updates.
5. CISA has added CVE-2024-8963 to its Known Exploited Vulnerabilities Catalog, instructing federal agencies to address it by October 10.
6. There is no public information available on the specific attacks involving the exploitation of CVE-2024-8963 and CVE-2024-8190.
7. Threat actors have been known to exploit Ivanti product vulnerabilities for activities such as backdoor delivery and targeting high-profile organizations.
Let me know if you need any further information or details on any specific aspects.