3 Ivanti CSA Vulnerabilities Actively Exploited




Oct 08, 2024

Ravie Lakshmanan

Zero-Day / Vulnerability

Ivanti is facing a critical security challenge: three zero-day vulnerabilities in its Cloud Service Appliance (CSA) are being actively exploited by cybercriminals.

According to the Utah-based software services provider, these vulnerabilities, when leveraged in conjunction with a previously patched flaw, pose severe risks to organizations.

The implications of these vulnerabilities include the ability for an authenticated attacker with admin privileges to circumvent restrictions, execute malicious SQL statements, and achieve remote code execution.

Confirming the severity of the situation, the company stated in a blog post that a subset of customers running CSA 4.6 patch 518 and older versions have been exploited when CVE-2024-9379, CVE-2024-9380, or CVE-2024-9381 is chained with CVE-2024-8963.

No instances of exploitation have been reported on customer systems running CSA 5.0. A concise overview of these vulnerabilities is as follows:

  • CVE-2024-9379 (CVSS score: 6.5) – SQL injection vulnerability in the admin web console of Ivanti CSA allowing remote authenticated attackers with admin privileges to run arbitrary SQL commands.
  • CVE-2024-9380 (CVSS score: 7.2) – OS command injection flaw in the admin web console of Ivanti CSA enabling remote authenticated attackers with admin privileges to achieve remote code execution.
  • CVE-2024-9381 (CVSS score: 7.2) – Path traversal weakness in Ivanti CSA allowing remote authenticated attackers with admin privileges to bypass access restrictions.

Based on Ivanti’s observations, the attacks involve a combination of these flaws with CVE-2024-8963, a critical path traversal vulnerability facilitating unauthorized access to restricted features.

Ivanti discovered these new vulnerabilities during its investigation into the exploitation of CVE-2024-8963 and CVE-2024-8190, prompting urgent action to safeguard systems: updating to version 5.0.2 and conducting security audits on affected appliances.
