Critical Ivanti Cloud Vulnerability Exploited in an Attack

September 19, 2024 – In a concerning development for cybersecurity professionals, Ivanti has disclosed that a critical vulnerability in its Cloud Service Appliance (CSA) is being actively exploited by threat actors. The vulnerability, tracked as CVE-2024-8963, allows attackers to bypass admin authentication and execute arbitrary commands on unpatched appliances [1][2].

Details of the Vulnerability

The flaw affects Ivanti CSA version 4.6, which is no longer supported by the company. Although it was addressed in a recent update released on September 10, 2024, the vulnerability was only discovered during an investigation into another high-severity CSA vulnerability (CVE-2024-8190) disclosed last week [2]. This critical flaw has received a severity rating of 9.4 out of 10, highlighting the significant risk it poses [2].

Exploitation in the Wild

Ivanti has confirmed that a limited number of customers have already been targeted by exploits leveraging this vulnerability. Attackers are reportedly chaining CVE-2024-8963 with CVE-2024-8190 to gain unauthorized access and control over affected systems [1][3]. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory, urging organizations to apply the necessary updates to mitigate the risk [4].

Recommendations

Ivanti strongly recommends that all users upgrade to CSA version 5.0, the only supported version of the appliance, to ensure continued protection. The company has emphasized the importance of applying the latest patches and updates to safeguard against these active threats [2].

Industry Impact

This incident underscores the critical need for organizations to maintain up-to-date security measures and promptly address vulnerabilities. As cyber threats continue to evolve, staying vigilant and proactive in applying security updates is essential to protect sensitive data and infrastructure.

For more information and detailed guidance, users are encouraged to review Ivanti’s security advisory and CISA’s recommendations [4].
