Source- securityweek.com
Ivanti, a leading provider of cybersecurity solutions, has disclosed the active exploitation of a severe vulnerability in Ivanti Cloud Service Appliance (CSA). The flaw, identified as CVE-2024-8963, has drawn concern due to its potential for serious damage, prompting immediate warnings from both Ivanti and U.S. authorities. As cyber attackers increasingly target this vulnerability, Ivanti is urging affected customers to take swift action.
New Vulnerability Threatens Ivanti Cloud Service Appliance
The newly identified vulnerability, CVE-2024-8963, carries a CVSS score of 9.4, indicating a high level of risk. The vulnerability impacts Ivanti Cloud Service Appliance, a tool widely used to manage secure connections for cloud services. According to Ivanti, the flaw, described as a “path traversal” issue, allows unauthorized, remote attackers to access restricted features on vulnerable systems. This critical flaw was incidentally addressed in CSA 4.6 Patch 519 and the subsequent CSA 5.0 version, though the company had not previously flagged it as a significant security issue.
Ivanti’s Thursday bulletin highlighted the severity of the problem, stating that attackers could exploit this flaw to bypass security protocols. In particular, the vulnerability could be combined with a second flaw, CVE-2024-8190, which holds a CVSS score of 7.2. Together, these flaws enable attackers to bypass administrative authentication, potentially leading to arbitrary command execution on the affected devices.
Active Exploitation Reported, Prompting Urgent Response
Adding to the urgency, Ivanti has revealed that a limited number of customers have already fallen victim to exploitation attempts leveraging these vulnerabilities. This admission follows the company’s earlier disclosure of exploitation attempts targeting CVE-2024-8190. The combination of the two flaws has enabled threat actors to execute unauthorized code on vulnerable systems, escalating concerns about the potential widespread impact.
As cybercriminals increasingly target these vulnerabilities, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken action. CISA has added CVE-2024-8963 to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing the need for immediate remediation. Federal agencies have been given a deadline of October 10, 2024, to apply the necessary patches and ensure their systems are secure.
Urgent Recommendations and Upgrade Path for Users
In light of the growing threat, Ivanti is strongly advising all users to upgrade to the latest CSA version 5.0. The older version, CSA 4.6, is no longer supported, leaving users at greater risk if they continue using it. Ivanti’s proactive measures, including the release of patches and continuous communication, highlight the severity of the situation and the need for users to respond swiftly.
The company’s latest alert underscores the importance of staying updated with software patches and monitoring for suspicious activity. Users are urged to ensure that their systems are up-to-date and secure to prevent further exploitation of these vulnerabilities.
As security threats evolve, Ivanti’s actions reflect the broader industry’s need to remain vigilant and proactive in protecting critical infrastructure from emerging cyber threats.
Also Read: Rising Threats in Cybersecurity: Phishing Campaigns and Automated Scams