Exploited Cyberattacks Targeting Critical Ivanti Cloud Appliance Vulnerability
A critical security vulnerability affecting Ivanti’s Cloud Service Appliance (CSA) is being actively exploited in live cybersecurity attacks, as per Ivanti’s disclosure.
The newly discovered vulnerability, known as CVE-2024-8963, has been given a high CVSS score of 9.4 out of 10.0. Ivanti took action to address this vulnerability through patches in CSA 4.6 Patch 519 and CSA 5.0.
In a bulletin released on Thursday, the company stated that the vulnerability allowed remote unauthenticated attackers to access restricted functions by exploiting a Path Traversal issue in Ivanti CSA versions prior to 4.6 Patch 519.
The announcement also highlighted that when chained with CVE-2024-8190 (with a CVSS score of 7.2), the flaw could enable attackers to bypass admin authentication, thus executing arbitrary commands on the appliance.
Ivanti has stated that it is currently monitoring a few cases where customers were targeted through this vulnerability. This follows the company’s recent disclosure of active exploitation attempts related to CVE-2024-8190.
These incidents reveal that threat actors are exploiting both vulnerabilities in tandem to gain control of susceptible devices and execute malicious code.
As a response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to address this vulnerability by October 10, 2024, and has included it in their Known Exploited Vulnerabilities (KEV) catalogue. This move was initiated after Ivanti’s warning regarding the ongoing cyberattacks.
All users are strongly advised to upgrade to CSA version 5.0 promptly as version 4.6 has reached its end-of-life status and is no longer supported.
About Author
