A significant path traversal vulnerability in Ivanti’s Cloud Service Appliance (CSA) is currently being exploited by malicious actors to access restricted functionality within the product. The news comes from a security advisory released by Ivanti earlier this week, in which the company acknowledged that a “limited number of customers” have been impacted by this critical vulnerability.
The Ivanti Cloud Service Appliance functions as a secure gateway, facilitating communication between Ivanti software solutions, such as Ivanti Endpoint Manager, and devices that exist outside of corporate networks. It allows remote devices to connect to internal services without requiring a VPN, making it a crucial tool for organizations relying on remote work.
The vulnerability, identified as CVE-2024-8963, carries a high severity score of 9.4. According to Ivanti, this flaw can be exploited in conjunction with another vulnerability, CVE-2024-8190, an OS command injection flaw. Used together, the two can allow attackers to bypass administrative authentication and execute arbitrary commands on the compromised endpoint.
While Ivanti has not disclosed the specific organizations affected or the identity of the attackers, the company did mention that the issue was “incidentally addressed” in the recent CSA 4.6 Patch 519. However, CSA 4.6 has reached its end-of-life status, meaning it no longer receives updates for the operating system or third-party libraries. The company emphasized that the fix implemented on September 10 is the final update that will be backported to that version.
For continued support and security, Ivanti advises customers to upgrade to Ivanti CSA 5.0, the sole supported version of the product that is unaffected by this vulnerability. This upgrade is essential for maintaining the security and integrity of systems utilizing the Ivanti Cloud Service Appliance.
As cyber threats continue to evolve, organizations must remain vigilant about software vulnerabilities and prioritize updates to safeguard their networks.