Ivanti CSA Vulnerability Let Attackers Gain Unauthorized Access Remotely

Ivanti has issued a security advisory regarding a critical vulnerability in its Cloud Services Appliance (CSA) version 4.6, identified as CVE-2024-8963.

This vulnerability, inadvertently addressed in a patch released on September 10, 2024 (CSA 4.6 Patch 519), could allow remote unauthenticated attackers to access restricted functionality.

The vulnerability is a path traversal issue with a CVSS score of 9.4, indicating its severity. If exploited alongside another vulnerability, CVE-2024-8190, it could enable attackers to bypass administrative authentication and execute arbitrary commands on the appliance.

Ivanti CSA 4.6 has reached its end-of-life status and will no longer receive updates. The company strongly advises users to upgrade to CSA 5.0, which is unaffected by this vulnerability and is still the only supported version.

This vulnerability has already been exploited against a limited number of customers. Ivanti advises users still on CSA 4.6 to apply Patch 519 immediately or upgrade to CSA 5.0 for continued security.

To identify potential compromises, Ivanti suggests reviewing the CSA for modified or newly added administrative users and monitoring broker logs for inconsistencies. Users with Endpoint Detection and Response (EDR) tools should also check alerts.

If compromise is suspected, Ivanti recommends rebuilding the CSA with Patch 519 and transitioning to CSA 5.0 where possible.

This discovery emerged during an investigation into exploitation incidents reported by Ivanti on September 13, 2024, revealing that the issue had been unintentionally resolved in Patch 519.

This advisory underscores the importance of prompt action to ensure continued protection against vulnerabilities for Ivanti CSA users.

Balaji
Balaji is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Co-Founder & Editor-in-Chief - Cyber Press Inc.
