Sep 14, 2024
Ravie Lakshmanan
Enterprise Security / Threat Intelligence
Ivanti has revealed that a recently patched security vulnerability in its Cloud Service Appliance (CSA) is being actively exploited in the wild.
The critical vulnerability, tracked as CVE-2024-8190 (CVSS score: 7.2), permits remote code execution under specific conditions.
“An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier enables a remote authenticated attacker to gain remote code execution,” Ivanti stated in a recent advisory. “The attacker must possess admin level privileges to exploit this vulnerability.”
The vulnerability affects Ivanti CSA 4.6, which has already reached end-of-life status, so customers need to upgrade to a supported version. The issue has been addressed in CSA 4.6 Patch 519.
“This is the final fix that Ivanti will backport for this version given its end-of-life status,” the Utah-based IT software company highlighted. “Customers must transition to Ivanti CSA 5.0 for ongoing support.”
“CSA 5.0 is the only supported version and does not contain this vulnerability. Customers already using Ivanti CSA 5.0 need not take any additional steps.”
In a recent update, Ivanti said it had confirmed exploitation of the vulnerability in the wild, targeting a limited number of customers.
No specific details regarding the attacks or the identity of the threat actors leveraging it were disclosed. However, numerous other vulnerabilities in Ivanti products have been exploited as zero-days by Chinese cyberespionage groups.

The emergence of this issue has led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the patches by October 4, 2024.
This disclosure coincides with cybersecurity firm Horizon3.ai publishing an in-depth technical analysis of a critical deserialization vulnerability (CVE-2024-29847, CVSS score: 10.0) affecting Endpoint Manager (EPM) that leads to remote code execution.