September 20, 2024 at 05:05PM Ivanti has announced that a critical vulnerability in the Cloud Services Appliance (CSA) is being exploited, allowing attackers to bypass admin authentication and execute arbitrary commands. This adds to the ongoing security issues faced by Ivanti since 2023. Steps to mitigate the threat include upgrading to CSA 5.0 and ensuring … Read more
September 20, 2024 at 01:33AM Ivanti disclosed active exploitation of a critical security flaw in Cloud Service Appliance (CSA), with remote unauthenticated attacker access. The vulnerability, CVE-2024-8963, carries a CVSS score of 9.4 and can be combined with CVE-2024-8190 for arbitrary command execution. CSA 4.6 Patch 519 and CSA 5.0 address the issue. CISA has … Read more
September 19, 2024 at 02:45PM Ivanti warns of ongoing exploitation of a Cloud Services Appliance (CSA) vulnerability, CVE-2024-8963, allowing remote attackers to access restricted functions. Attackers also exploit CVE-2024-8190 to bypass admin authentication and execute arbitrary commands. Ivanti advises immediate patching and emphasizes the end-of-life status of Ivanti CSA 4.6. Federal agencies are mandated to … Read more