December 10, 2024 at 02:45PM
Ivanti has alerted customers about a severe authentication bypass vulnerability (CVE-2024-11639) in its Cloud Services Appliance, allowing attackers to gain admin access remotely. Users should upgrade to CSA 5.0.3. The company also patched other vulnerabilities but found no evidence of exploitation prior to disclosure.
**Meeting Takeaways: Ivanti Security Advisory Update**
1. **New Vulnerability Discovered**:
– Ivanti has announced a critical authentication bypass vulnerability (CVE-2024-11639) affecting its Cloud Services Appliance (CSA) version 5.0.2 and earlier.
– This flaw allows remote attackers to gain administrative privileges without authentication.
2. **Patch Recommendation**:
– Ivanti recommends that administrators upgrade vulnerable CSA appliances to version 5.0.3, following the guidance in its support document.
3. **Current Exploitation Status**:
– Ivanti stated that it knows of no exploitation of these vulnerabilities prior to public disclosure.
– No indicators of compromise are available because no public exploitation has been observed.
4. **Additional Vulnerability Patches**:
– Ivanti has patched several medium, high, and critical vulnerabilities in other products including Desktop and Server Management, Connect Secure, Policy Secure, Sentry, and Patch SDK.
– The new patches come after five previously identified CSA vulnerabilities were addressed:
  – CVE-2024-8190 (remote code execution)
  – CVE-2024-8963 (admin authentication bypass)
  – CVE-2024-9379, CVE-2024-9380, CVE-2024-9381 (SQL injection, OS command injection, and path traversal, respectively)
5. **Escalation of Security Measures**:
– Ivanti is enhancing its internal scanning capabilities and is committed to faster patches via an improved responsible disclosure process.
6. **Context of Recent Exploits**:
– The meeting highlighted concerns regarding multiple vulnerabilities being actively exploited in zero-day attacks earlier this year, particularly against Ivanti VPN appliances and related gateways.
7. **Customer Base**:
– Ivanti serves over 40,000 companies, which underscores the importance of addressing these vulnerabilities to protect their systems and IT assets.
8. **Related Security Threats**:
– Other relevant security threats and vulnerabilities were mentioned, including flaws affecting WordPress and D-Link products, and widespread attacks exploiting zero-day vulnerabilities.
**Action Items**:
– IT administrators using Ivanti’s products should prioritize upgrading affected CSA appliances and monitor for updates on other patched vulnerabilities.