Dive Brief:
- Ivanti released updates for three actively exploited zero-day vulnerabilities in Ivanti Cloud Service Appliance, which hackers are chaining together with a previously disclosed path traversal vulnerability, the company said in a Tuesday blog post.
- Successful exploitation of the flaws can allow an attacker to gain administrative privileges to bypass restrictions, obtain remote code execution or run arbitrary SQL statements. The vulnerabilities are listed as CVE-2024-9379, CVE-2024-9380 and CVE-2024-9381.
- Ivanti previously disclosed and issued a patch that would address the prior critical vulnerability, listed as CVE-2024-8963, on Sept. 10. The company said it discovered the path traversal vulnerability when it was investigating exploitation of an OS command injection vulnerability, listed as CVE-2024-8190.
Dive Insight:
Ivanti said it has already observed exploitation of CSA 4.6 in a limited set of customers, where CVE-2024-9379 or CVE-2024-9380 is chained together with CVE-2024-8963.
The Cybersecurity and Infrastructure Security Agency on Wednesday added CVE-2024-9379 and CVE-2024-9380 to its known exploited vulnerabilities catalog. Six Ivanti CVEs have been added to the KEV catalog since Sept. 13.
CSA 4.6 has reached end-of-life status and is no longer supported by the company. The last security fix for the product was issued on Sept. 10. The company is urging customers to upgrade to CSA 5.0.2.
The vulnerabilities include the following:
- CVE-2024-9379, with a CVSS score of 6.5, is a SQL injection vulnerability in the admin web console of Ivanti CSA. A remote authenticated attacker with admin privileges can run arbitrary SQL statements.
- CVE-2024-9380, with a CVSS score of 7.2, is an OS command injection vulnerability. A remote authenticated attacker with admin privileges can obtain remote code execution.
- CVE-2024-9381, with a CVSS score of 7.2, is a path traversal vulnerability that allows a remote authenticated attacker with admin privileges to bypass restrictions.
The company and its customers are dealing with widespread exploitation and CVE disclosures in a series of products dating back to mid-September.
Last week, the company warned about active exploitation of a critical vulnerability in Ivanti Endpoint Manager.
Ivanti, in a security advisory released Tuesday, acknowledged that it promised earlier this year to overhaul its internal processes in order to make more secure products.
“In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have additionally made improvements to our responsible disclosure process so we can promptly discover and address potential issues,” the company said in the blog post.