Less than two weeks after patching one flaw, Ivanti announced on Sept. 19 that a second, critical Cloud Services Appliance (CSA) vulnerability is being exploited in the wild.
The vulnerability (CVE-2024-8963, CVSS 9.4) is a path traversal in Ivanti CSA that allows a remote, unauthenticated attacker to access restricted functionality. Attackers have chained it to the previously disclosed flaw, CVE-2024-8190, which is a high-severity OS command injection flaw that can allow unauthorized access to devices. The chain can be exploited for remote code execution (RCE), if the attacker has admin-level privileges.
“If CVE-2024-8963 is used along with CVE-2024-8190 an attacker can bypass admin authentication and execute arbitrary commands on the appliance,” the company said.
The news comes during an ongoing series of security issues Ivanti has faced since 2023.
Not First & Likely Not the Last
Just this year alone, Ivanti has faced flaw after flaw; in February, the Cybersecurity and Infrastructure Security Agency (CISA) ordered Ivanti VPN appliances be disconnected, rebuilt, and reconfigured in 48 hours, after there were concerns that multiple threat actors were exploiting security flaws found in the systems.
In April, foreign nation-state hackers took advantage of vulnerable Ivanti gateway devices and attacked MITRE, breaking its 15-year streak of being incident free. And MITRE wasn’t alone in this, as hundreds of Ivanti VPN instances were compromised due to two unpatched zero-day vulnerabilities.
And in August, Ivanti’s Virtual Traffic Manager (vTM) harbored a critical vulnerability that could have led to authentication bypass and creation of an administrator user without the patch that the company provided.
“These known but unpatched vulnerabilities have become a favorite target for attackers because they’re easy to exploit and oftentimes organizations don’t know that devices with EOL systems are still running in their network,” Greg Fitzgerald, co-founder of Sevco Security, said in an emailed statement to Dark Reading.
Security in an Ongoing Storm
To mitigate this threat, Ivanti recommends that its customers upgrade Ivanti CSA 4.6 to CSA 5.0. They can also update CSA 4.6 Patch 518 to Patch 519; however, this product has entered end of life, so it’s recommended to upgrade to CSA 5.0 instead.
In addition to this, Ivanti recommends that all customers ensure dual-homed CSA configurations with eth0 as an internal network.
Customers should review the CSA for modified or newly added administrators if they are concerned that they may have been compromised. If users have endpoint detection and response (EDR) installed, it’s recommended to review those alerts as well.
Users can request help or ask questions by logging a case or requesting a call via Ivanti’s Success Portal.