A critical path traversal vulnerability, recently discovered in Ivanti’s Cloud Service Appliance (CSA), is being actively exploited in the wild to grant access to restricted product functionalities. This is according to the security advisory Ivanti published earlier this week, in which it said it was “aware of a limited number of customers” who have been exploited by this vulnerability.
CSA is a gateway solution that allows secure communication between Ivanti software products (such as Ivanti Endpoint Manager) and devices outside the corporate network. It acts as a secure bridge for remote devices, enabling them to connect to internal services without the need for a VPN.
The bug is being tracked as CVE-2024-8963, and carries a severity score of 9.4. Ivanti says hackers can chain it to CVE-2024-8190, an OS command injection vulnerability, to bypass admin authentication and run arbitrary commands on the vulnerable endpoint.
End of life
The company did not say which companies were targeted, or by whom.
The bug was “incidentally addressed” as part of CSA 4.6 Patch 519, and CSA 5.0: “Ivanti is disclosing a critical vulnerability in Ivanti CSA 4.6 which was incidentally addressed in the patch released on 10 September (CSA 4.6 Patch 519),” the company said. It stressed that CSA 4.6 is past its end-of-life date, and as such no longer receives patches for OS or third-party libraries.
“Additionally, with the end-of-life status the fix released on 10 September is the last fix Ivanti will backport to that version,” the company concluded. “Customers must upgrade to Ivanti CSA 5.0 for continued support. CSA 5.0 is the only supported version of the product and is not affected by this vulnerability.”
Since the bug is actively exploited, the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog recently, forcing government agencies to patch up by October 10, The Hacker News found.
Via The Hacker News
More from TechRadar Pro
https://cdn.mos.cms.futurecdn.net/j5YMwZuuKnvAXLyKBEmDrb-1200-80.jpg
Source link