Ivanti Alerts on Three New Actively Exploited CSA Zero-Days

October 8, 2024

Ivanti has announced patches for three new zero-day vulnerabilities in its Cloud Services Appliance (CSA) that have been actively exploited in attacks. The attackers have been chaining these three flaws with another CSA zero-day that was fixed in September.

Successful exploitation of these vulnerabilities could enable remote attackers to execute SQL statements through SQL injection, run arbitrary code via command injection, and bypass security controls by exploiting a path traversal flaw in vulnerable CSA gateways. These gateways are used to provide enterprise users with secure access to internal network resources.

Ivanti stated, 'We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963.' The company has advised customers who suspect that their systems have been compromised in these attacks to restore their CSA appliances with version 5.0.2.

To identify exploitation attempts, administrators should monitor alerts from endpoint detection and response (EDR) or other security software. Checking for new or modified admin users can also reveal signs of compromise.

Ivanti has also warned that CSA 4.6, an end-of-life product that received its last security patch in September, is still being used by some customers. These customers are urged to upgrade to CSA 5.0.2 as soon as possible. Ivanti added, 'Additionally, it is important for customers to know that we have not observed exploitation of these vulnerabilities in any version of CSA 5.0.'

Last month, Ivanti warned that threat actors were chaining an admin bypass vulnerability (CVE-2024-8963) with a command injection bug (CVE-2024-8190) to bypass admin authentication and execute arbitrary commands on unpatched CSA appliances. The Cybersecurity and Infrastructure Security Agency (CISA) added these two Ivanti flaws to its Known Exploited Vulnerabilities catalog and instructed federal agencies to secure vulnerable systems by October 10.

Ivanti says it is now stepping up its testing and internal scanning capabilities and is working on improving its responsible disclosure process to address security issues more quickly. The company stated, 'Ivanti is making a large investment in Secure by Design across our organization and signed the CISA Secure by Design pledge in May.' Several vulnerabilities were exploited as zero-days in widespread attacks in recent months, targeting Ivanti VPN appliances and ICS, IPS, and ZTA gateways. Ivanti has over 7,000 partners, and more than 40,000 companies use its products to manage their systems and IT assets globally.
