September 20, 2024 at 05:05PM
Ivanti has announced that a critical vulnerability in the Cloud Services Appliance (CSA) is being exploited, allowing attackers to bypass admin authentication and execute arbitrary commands. This adds to the ongoing security issues faced by Ivanti since 2023. Steps to mitigate the threat include upgrading to CSA 5.0 and ensuring dual-homed CSA configurations. Users are advised to review their systems and seek support through Ivanti’s Success Portal.
After analyzing the meeting notes, here are the key takeaways:
– Ivanti announced on Sept. 19 that a critical Cloud Services Appliance (CSA) vulnerability (CVE-2024-8963, CVSS 9.4) is being exploited in the wild, just weeks after patching another flaw (CVE-2024-8190). The latest vulnerability allows remote, unauthenticated attackers to access restricted functionalities and can be chained with the previously disclosed flaw for remote code execution.
– This announcement is part of an ongoing series of security issues Ivanti has faced since 2023, including multiple flaws and vulnerabilities in various products, such as Ivanti VPN, gateway devices, and the Virtual Traffic Manager (vTM).
– To mitigate the threat, Ivanti recommends upgrading the Ivanti CSA to version 5.0, as well as patching the existing version if upgrading is not feasible. Additionally, customers are advised to review their CSA configurations, check for modified or newly added administrators, and monitor alerts through endpoint detection and response (EDR) if installed.
– Customers can seek assistance or ask questions by contacting Ivanti through their Success Portal.
If you need further details or additional information, please feel free to ask.