Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

October 8, 2024 at 01:15PM

Ivanti has warned about three new security vulnerabilities in its Cloud Service Appliance (CSA) that are being actively exploited in the wild. The zero-day flaws, when combined with a previously patched flaw, can allow attackers to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution. The company advises taking measures to detect and prevent compromise.

Ivanti has warned about three new security vulnerabilities impacting its Cloud Service Appliance (CSA). These vulnerabilities have been actively exploited in the wild and are being weaponized in conjunction with a previously patched flaw in CSA. The vulnerabilities could allow an authenticated attacker with admin privileges to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution. Ivanti discovered these flaws as part of its investigation into the exploitation of another now-patched OS command injection bug in CSA.

Recommendations include reviewing the appliance for modified or newly added administrative users, checking for signs of compromise, and monitoring alerts from endpoint detection and response (EDR) tools installed on the device.

In addition, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Ivanti Endpoint Manager (EPM) to the Known Exploited Vulnerabilities (KEV) catalog.
