Ivanti patches exploited admin command execution flaw

September 20, 2024 at 11:37AM The US Cybersecurity and Infrastructure Security Agency (CISA) has added the latest Ivanti weakness, a path traversal flaw, to its Known Exploited Vulnerability catalog. This came after a string of high-profile path traversal bugs affecting IT vendors. Ivanti has released a fix for the critical severity bug affecting its Cloud …

Ivanti Warns of Second CSA Vulnerability Exploited in Attacks

September 20, 2024 at 04:36AM Ivanti announced the exploitation of two vulnerabilities in its Cloud Services Appliance (CSA): CVE-2024-8190 and CVE-2024-8963. The flaws allow unauthorized access and arbitrary command execution on devices. CSA 4.6 Patch 519 and CSA 5.0 address the vulnerabilities, with the latter recommended due to the end of life for 4.6. CISA …

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

September 20, 2024 at 01:33AM Ivanti disclosed active exploitation of a critical security flaw in Cloud Service Appliance (CSA), with remote unauthenticated attacker access. The vulnerability, CVE-2024-8963, carries a CVSS score of 9.4 and can be combined with CVE-2024-8190 for arbitrary command execution. CSA 4.6 Patch 519 and CSA 5.0 address the issue. CISA has …

Ivanti warns of another critical CSA flaw exploited in attacks

September 19, 2024 at 02:45PM Ivanti warns of ongoing exploitation of a Cloud Services Appliance (CSA) vulnerability, CVE-2024-8963, allowing remote attackers to access restricted functions. Attackers also exploit CVE-2024-8190 to bypass admin authentication and execute arbitrary commands. Ivanti advises immediate patching and emphasizes the end-of-life status of Ivanti CSA 4.6. Federal agencies are mandated to …

Ivanti CSA Vulnerability Exploited in Attacks Days After Disclosure

September 16, 2024 at 05:27AM Exploitation of the Ivanti Cloud Service Appliance (CSA) vulnerability CVE-2024-8190 began shortly after the vendor released patches. The high-severity flaw enables unauthorized access and remote code execution, affecting certain versions of the CSA. Ivanti has addressed the issue in Patch 519 and CSA 5.0, but noted limited customer exploitation. CISA …

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

September 14, 2024 at 12:39AM Ivanti disclosed an actively exploited high-severity vulnerability (CVE-2024-8190) in its Cloud Service Appliance, impacting version 4.6, prompting customers to upgrade to version 5.0. The company noted confirmed exploitation in the wild targeting a limited number of customers and urged federal agencies to apply fixes by October 4, 2024. Additionally, a …

Ivanti warns high severity CSA flaw is now exploited in attacks

September 13, 2024 at 01:40PM Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance (CSA) solution is currently being actively exploited in …

Ivanti Patches Critical Vulnerabilities in Endpoint Manager

September 11, 2024 at 06:57AM Ivanti announced security updates for Endpoint Manager, Cloud Service Appliance, and Workspace Control, addressing multiple high-severity vulnerabilities. Patches for Endpoint Manager resolve 16 flaws, including CVE-2024-29847, a critical-severity bug allowing remote code execution. Cloud Service Appliance patch resolves an OS command injection flaw. Workspace Control patches address six high-severity vulnerabilities. …

Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager

August 14, 2024 at 06:57AM Ivanti announced patches for eight vulnerabilities in Neurons for ITSM, Avalanche, and Virtual Traffic Manager, including two critical-severity flaws. The patches address security defects, such as information disclosure and improper certificate validation, and are available for download. Ivanti recommends customers upgrade to the patched versions to mitigate potential risks. Based …

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

August 14, 2024 at 02:03AM Ivanti has released security updates for a critical flaw in Virtual Traffic Manager (vTM) that could allow an authentication bypass and the creation of rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8. Additionally, Ivanti has addressed other vulnerabilities in Neurons for ITSM and Ivanti …