Insights | Integrity360

Threat Advisory: Ivanti warns of Three Critical Ivanti CSA Vulnerabilities that are Actively Exploited

Written by Integrity360 | 16 October 2024 16:56:16 Z

Overview: Ivanti has released updates for Ivanti CSA (Cloud Services Application) which addresses a medium severity and two high severity vulnerabilities. Exploiting these vulnerabilities effectively enables remote attackers to execute SQL statements through SQL injection, run arbitrary code via command injection, and bypass security restrictions by taking advantage of a path traversal weakness in vulnerable CSA gateways, which provide secure access to internal network resources for enterprise users.

Ivanti have said:

  • We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379 or CVE-2024-9380 are chained with CVE-2024-8963. We have not observed these vulnerabilities being exploited in any version of CSA 5.0.
  • We have no evidence of any other vulnerabilities being exploited in the wild.
  • These vulnerabilities do not impact any other Ivanti products or solutions.

Affected Versions:

  • Ivanti CSA (Cloud Services Appliance)
  • Affected Version(s): 5.0.1 and Prior.

Description of Vulnerability:

Below are the descriptions of the three vulnerabilities:

  • CVE-2024-9379 (CVSS score 6.5) – a SQL injection in the admin web console of Ivanti CSA before version 5.0.2. A remote authenticated attacker with admin privileges can exploit the flaw to run arbitrary SQL statements.
  • CVE-2024-9380 (CVSS score 7.2) – an OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2. A remote authenticated attacker with admin privileges can exploit the vulnerability to achieve remote code execution.
  • CVE-2024-9381 (CVSS score 7.2) – a path traversal issue in Ivanti CSA before version 5.0.2. A remote authenticated attacker with admin privileges can exploit the flaw to bypass restrictions.

Threat actors are chaining these three vulnerabilities with the CSA zero-day CVE-2024-8963 (CVSS score of 9.4) that the software firm addressed in September.

Recommendations:

Customers who have not already done so should upgrade to CSA 5.0.2.
Customers running CSA 5.0.1 and prior should update to CSA 5.0.2 .

The Patch availability can be found here:https://forums.ivanti.com/s/article/Ivanti-Cloud-Services-Application-5-0-2-Download-Release-Notes-Patch-Historywhich requires an Ivanti account to login and access.

 

 

 

 
View full post