3 More Ivanti Cloud Vulns Exploited in the Wild

October 9, 2024 at 03:06PM

Ivanti has alerted customers to three new vulnerabilities in its Cloud Services Appliance (CSA) that are currently being exploited, alongside a previously disclosed zero-day vulnerability. The company advises users to review administrative access and EDR alerts, and recommends migrating to CSA version 5.0 if compromised.

### Key Takeaways:

1. **New Vulnerabilities Identified**: Ivanti has notified customers of three newly discovered vulnerabilities in its Cloud Services Appliance (CSA):
   - **CVE-2024-9379**: CVSS rating of 6.5; allows remote authenticated attackers to run SQL statements.
   - **CVE-2024-9380**: CVSS score of 7.2; enables remote code execution with admin privileges via OS command injection.
   - **CVE-2024-9381**: CVSS score of 7.2; allows path traversal and restriction bypass for remote authenticated attackers.

2. **Exploitation Status**:
   - Limited exploitation of these vulnerabilities has been confirmed.
   - These vulnerabilities can be chained with the previously disclosed zero-day vulnerability (CVE-2024-8963).
   - No evidence of exploitation has been detected in systems running CSA version 5.0.

3. **Affected Systems**: The vulnerabilities were found in CSA versions 4.6 patch 518 and prior.

4. **Recommendations from Ivanti**:
   - Review CSA for any modified or new administrative users.
   - Check EDR alerts if EDR or similar security tools are installed on the CSA.
   - Implement a layered security approach, including the installation of an EDR tool on the CSA.

5. **Action for Suspected Compromise**:
   - If a user suspects their environment has been compromised, it is recommended to rebuild their CSA with version 5.0.
