September 20, 2024 at 04:36AM Ivanti announced the exploitation of two vulnerabilities in its Cloud Services Appliance (CSA): CVE-2024-8190 and CVE-2024-8963. The flaws allow unauthorized access and arbitrary command execution on devices. CSA 4.6 Patch 519 and CSA 5.0 address the vulnerabilities, with the latter recommended due to the end of life for 4.6. CISA … Read more
September 16, 2024 at 05:20PM Ivanti alerted customers about the active exploitation of a high-severity vulnerability (CVE-2024-8190) in its Cloud Service Appliance (CSA). The company recommended upgrading to CSA 5.0 to remediate the bug, warning that unauthorized access is possible with a CVSS score of 7.2. Users are urged to update to the latest version … Read more
September 16, 2024 at 05:27AM Exploitation of the Ivanti Cloud Service Appliance (CSA) vulnerability CVE-2024-8190 began shortly after the vendor released patches. The high-severity flaw enables unauthorized access and remote code execution, affecting certain versions of the CSA. Ivanti has addressed the issue in Patch 519 and CSA 5.0, but noted limited customer exploitation. CISA … Read more
September 14, 2024 at 12:39AM Ivanti disclosed an actively exploited high-severity vulnerability (CVE-2024-8190) in its Cloud Service Appliance, impacting version 4.6, prompting customers to upgrade to version 5.0. The company noted confirmed exploitation in the wild targeting a limited number of customers and urged federal agencies to apply fixes by October 4, 2024. Additionally, a … Read more