The US CISA added Ivanti vulnerability tracked as CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation
The vulnerability affects Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console, which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Since Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.
CISA has set 4th October 2024 as a deadline for federal agencies to remediate the vulnerability
