September 16, 2024 at 05:20PM
Ivanti alerted customers about the active exploitation of a high-severity vulnerability (CVE-2024-8190) in its Cloud Service Appliance (CSA). The company recommended upgrading to CSA 5.0 to remediate the bug, warning that unauthorized access is possible with a CVSS score of 7.2. Users are urged to update to the latest version immediately.
Based on the meeting notes, here are the key takeaways:
– Ivanti released an advisory regarding a high-severity vulnerability in its Cloud Service Appliance (CSA), which is now being exploited in the wild.
– The vulnerability, tracked as CVE-2024-8190, could allow unauthorized access to devices and has a CVSS score of 7.2 out of 10. It requires administrator-level privileges to exploit.
– To remediate the vulnerability, Ivanti recommended upgrading from Ivanti CSA 4.6 to CSA 5.0. Customers using CSA 4.6 Patch 518 can update to Patch 519, but upgrading to CSA 5.0 is the best option.
– On Sept. 13, Ivanti updated its advisory, confirming active exploitation of the vulnerability for a limited number of customers following public disclosure.
– Users are strongly advised to update to the latest version of the appliance as soon as possible. Additionally, if users find that they have been compromised before applying the recommended patch, they can log a case or request a call through the Ivanti Success Portal.