Dive Brief:
- Malicious actors have exploited a high-severity vulnerability in Ivanti Cloud Service Appliance version 4.6 and earlier against a limited number of customers, just days after the company released security updates, Ivanti said Friday in an updated advisory.
- The operating system command injection vulnerability, listed as CVE-2024-8190, could allow an authenticated attacker to achieve remote code execution. The vulnerability has a CVSS score of 7.2, and the advisory notes an attacker must obtain admin-level privileges to exploit the CVE.
- The company warned that Ivanti CSA version 4.6 had reached end of life and no longer receives patches. Ivanti urged customers to upgrade to version 5.0 in order to receive continued support. Those already running version 5.0 do not need to take any additional actions.
Dive Insight:
Ivanti is working with a limited number of customers affected by the vulnerability, a spokesperson confirmed Friday via email. The company has not released any details on the specific attacks.
The Cybersecurity and Infrastructure Security Agency added the vulnerability to its known exploited vulnerabilities catalog. The move requires federal civilian executive branch agencies to address the vulnerability by Oct. 4.
CISA was targeted earlier this year by hackers exploiting critical vulnerabilities in Ivanti Connect Secure. Ivanti in April announced a comprehensive effort to overhaul its internal security practices.
The company said users can check for potential compromise by reviewing the Ivanti CSA for newly added or modified administrative users. Some compromise attempts may show up in broker logs, which are available locally on the system. Users can also review endpoint detection and response alerts.
More threat groups are targeting older vulnerabilities in end-of-life applications, as some customers run outdated software on aging equipment and forget to apply security upgrades.