Ivanti warns of three more CSA zero-days exploited in attacks

October 8, 2024 at 12:12PM

Ivanti released security updates to address three new Cloud Services Appliance (CSA) zero-day vulnerabilities being actively exploited. These flaws impact CSA 5.0.1 and earlier, with the company advising affected customers to upgrade to version 5.0.2 and monitor for signs of compromise. Ivanti pledged a focus on Secure by Design and is addressing security issues faster.

The key takeaways are:

1. Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days that are actively exploited in attacks. These vulnerabilities can allow remote attackers to run SQL statements, execute arbitrary code, and bypass security restrictions.

2. Ivanti recommends that customers who suspect their systems have been compromised rebuild their CSA appliances with version 5.0.2 and upgrade from CSA 4.6 to 5.0.2. Customers running CSA 4.6 are advised to upgrade as soon as possible.

3. Admins should review alerts from endpoint detection and response (EDR) or other security software to detect exploitation attempts, and look for signs of compromise by checking for new or modified admin users.

4. Threat actors are actively exploiting multiple Ivanti zero-day vulnerabilities. Federal agencies have been ordered to secure vulnerable systems by October 10 and Ivanti is working on improving its responsible disclosure process to address security issues faster.

5. Several flaws in Ivanti products have been exploited as zero-days in recent months.
