A serious security flaw has been found in Ivanti’s Cloud Service Appliance (CSA), which is currently being exploited to access restricted features of the product. Ivanti issued a security advisory this week, acknowledging that a limited number of customers have already been affected.
The CSA serves as a secure gateway, enabling Ivanti software—like Ivanti Endpoint Manager—to communicate with devices outside a company’s network. It allows remote devices to connect to internal services without needing a VPN.
This vulnerability is tracked as CVE-2024-8963 and has a high severity rating of 9.4. Hackers can chain this flaw with another issue, CVE-2024-8190, which allows OS command injection. Combined, the two let them bypass admin authentication and execute arbitrary commands on vulnerable devices.
Ivanti didn’t specify which companies have been targeted or who the attackers are.
The flaw was “incidentally addressed” in a recent patch (CSA 4.6 Patch 519) released on September 10. However, Ivanti also noted that CSA 4.6 has reached its end-of-life and won’t receive further patches for its operating system or third-party libraries. The company emphasized that the September 10 fix is the last one it will apply to that version. Customers are urged to upgrade to Ivanti CSA 5.0, which is the only supported version and is not affected by this vulnerability.
Given the ongoing exploitation of this bug, the US Cybersecurity and Infrastructure Security Agency (CISA) has included it in its Known Exploited Vulnerabilities catalog, requiring government agencies to patch their systems by October 10.