Ivanti Addresses Critical Vulnerabilities in its Cloud Services Appliance Solution

December 11, 2024

Ivanti has patched a critical vulnerability in its Cloud Services Appliance (CSA) solution that could have allowed an unauthenticated attacker to bypass authentication and gain administrative access. The vulnerability, tracked as CVE-2024-11639 and carrying a CVSS score of 10, was discovered by the Advanced Research Team at CrowdStrike and affects CSA versions 5.0.2 and earlier. The company's advisory states: “An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access.”

In addition to this, Ivanti also addressed two critical SQL injection vulnerabilities, tracked as CVE-2024-11772 and CVE-2024-11773, both with a CVSS score of 9.1. These vulnerabilities were present in the admin web console of Ivanti CSA before version 5.0.3 and could have been exploited by a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

To address these issues, Ivanti released CSA version 5.0.3 and stated that it is not aware of any instances of these vulnerabilities being exploited in the wild. The company's advisory concludes: “We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program. Currently, there is no known public exploitation of these vulnerabilities that could be used to provide a list of indicators of compromise.”

In early October, Ivanti warned about three additional security vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) in its CSA that were being actively exploited. Threat actors were chaining these three vulnerabilities with the CSA zero-day CVE-2024-8963 (CVSS score of 9.4) that Ivanti addressed in September. The exploitation of these vulnerabilities could lead to SQL injection attacks, execution of arbitrary code via command injection, and bypassing of security restrictions through a path traversal weakness on vulnerable CSA gateways. Ivanti's advisory stated: “We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963. We have no evidence of any other vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti products or solutions.”

Related News

• Nation-State Threat Actors Exploit Ivanti CSA Zero-Day Vulnerabilities
• CISA Updates Known Exploited Vulnerabilities Catalog with Ivanti CSA and Fortinet Products Bugs
• Ivanti Alerts on Three New Actively Exploited CSA Zero-Days
• Ivanti Cloud Services Appliance Vulnerability Added to CISA's Known Exploited Vulnerabilities Catalog
• Critical CSA Vulnerability Exploited in Attacks: Ivanti Issues Warning

Latest News

• Microsoft Resolves 72 Security Flaws, Including an Actively Exploited CLFS Vulnerability
• U.S. Accuses Chinese National of Hacking 81,000 Sophos Firewalls Using Zero-Day Exploit
• Termite Ransomware Group Suspected Behind Zero-Day Exploits in Cleo Software
• High-Severity Bug in WPForms Plugin Exposes Millions of WordPress Sites to Stripe Refunds
• Microsoft NTLM Zero-Day Vulnerability Unresolved Until April