Dive Brief:
- Ivanti warned Thursday of a critical path traversal vulnerability in Cloud Service Appliance, which is currently facing exploitation attempts by hackers. The vulnerability, listed as CVE-2024-8963, has a CVSS score of 9.4 and allows an unauthenticated hacker to gain access to restricted functionality.
- Ivanti previously issued a patch for CSA on Sept. 10, but the company said the path traversal vulnerability was discovered while investigating exploitation linked to an OS command injection vulnerability, listed as CVE-2024-8190.
- The company warned that when the two vulnerabilities are used in conjunction with each other, a hacker can bypass admin authentication and execute arbitrary commands.
Dive Insight:
The exploited vulnerabilities mark the latest in a series of security issues Ivanti has faced since late 2023. State-linked hackers began targeting zero-day vulnerabilities in Ivanti Connect Secure, leading to thousands of devices being compromised.
The Cybersecurity and Infrastructure Security Agency was among those impacted during the attack spree.
The company eventually agreed to overhaul its internal security culture, promising major changes in how it developed products and worked with customers and the security community.
The current attacks began just days after the company released security updates.
An Ivanti spokesperson said “we strongly urge” all customers using CSA version 4.6 to upgrade to version 5.0, as the prior version had reached end-of-life and no longer receives support and security upgrades.
Ivanti previously confirmed there were a limited number of customers that had been impacted by the exploitation, but did not share specific details of those attacks.
In order to determine whether an appliance has been compromised, Ivanti said users should review the CSA for administrative users that have been newly added or modified. Some attempts may show up in broker logs, which are local to the system.
The company suggests installing an endpoint detection and response tool on the system as part of a layered approach. Users should also review endpoint detection and response alerts if EDR or another security tool is already installed.
The Cybersecurity and Infrastructure Security Agency on Thursday added CVE-2024-8963 to its known exploited vulnerabilities catalog. CISA had previously added CVE-2024-8190 to the catalog.