September 19, 2024 at 02:45PM
Ivanti warns of ongoing exploitation of a Cloud Services Appliance (CSA) vulnerability, CVE-2024-8963, allowing remote attackers to access restricted functions. Attackers also exploit CVE-2024-8190 to bypass admin authentication and execute arbitrary commands. Ivanti advises immediate patching and emphasizes the end-of-life status of Ivanti CSA 4.6. Federal agencies are mandated to patch vulnerable appliances by early October.
Based on the meeting notes provided, the key takeaways are as follows:
1. Ivanti has warned about threat actors exploiting a Cloud Services Appliance (CSA) vulnerability (CVE-2024-8963) to access restricted functionality and execute arbitrary commands on vulnerable systems.
2. Attackers are exploiting the vulnerability by chaining it with a high-severity CSA command injection bug (CVE-2024-8190) to bypass admin authentication.
3. It is recommended that administrators review alerts from endpoint detection and response (EDR) or other security software, configure settings, and access privileges for new or modified administrative users to detect exploitation attempts.
4. Ivanti advises administrators to ensure dual-homed CSA configurations with eth0 as an internal network to reduce the risk of exploitation and rebuild CSA with patch 519 if compromise is suspected.
5. Federal agencies, specifically the Federal Civilian Executive Branch (FCEB) agencies, are required to patch vulnerable appliances within specific deadlines as per Binding Operational Directive (BOD) 22-01.
6. Ivanti has committed to escalating internal scanning and testing capabilities and improving the responsible disclosure process to address potential security issues faster.
7. There has been a spike in discovery and disclosure of Ivanti flaws, and the company acknowledges the importance of responsible discovery and disclosure of Common Vulnerabilities and Exposures (CVEs).
8. Ivanti has a substantial global presence with over 7,000 partners worldwide and more than 40,000 companies using its products for system and IT asset management.