Ivanti fixes CVE-2024-8963, a flaw added to the KEV catalog

Ivanti has released a patch for a critical vulnerability in its Cloud Services Appliance (CSA) that leads to a path traversal issue.

The vulnerability, tracked as CVE-2024-8963 with a CVSS score of 9.4, allows a remote unauthenticated attacker to access restricted functionality. An attacker could chain it with the recently disclosed flaw CVE-2024-8190 to bypass admin authentication and execute arbitrary commands on the appliance.

Ivanti notes that CSA 4.6 is end-of-life and no longer receives updates for OS or third-party libraries. Customers must upgrade to Ivanti CSA 5.0 for continued support. This version is not impacted by this vulnerability.


The vulnerability has been exploited in the wild. However, the company states that only a limited number of customers have been affected.

The vulnerability was discovered while Ivanti investigated the exploitation it disclosed on 13 September. The root cause was identified after it became apparent that the issue had been incidentally addressed by some of the functionality removal included in patch 519.

Ivanti recommends that customers check the Cloud Services Appliance for any modified or newly added administrative users. Although inconsistent, some attack attempts may appear in the local broker logs. Ivanti also recommends reviewing endpoint detection and response alerts if such tools are installed on the CSA.
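The account check above can be made repeatable by diffing a trusted baseline of administrative accounts against a current export. The script below is an added example, not from the article or from Ivanti; the JSON record format and the sample data are constructed assumptions, since the page does not describe how the CSA exposes its user list.

```python
# Added example (not from the article or Ivanti): flag added, removed and
# modified administrative accounts by comparing two snapshots. The record
# fields below (username, role, pw_hash, last_changed) are an assumption;
# adapt them to however your appliance exports account data.
import json
from typing import Dict, List, Tuple

# Constructed sample data: a baseline captured before the exploitation window
# and a current export that shows one changed credential and one new admin.
BASELINE_JSON = """
[
  {"username": "csaadmin", "role": "admin", "pw_hash": "h1", "last_changed": "2024-08-01"},
  {"username": "ops", "role": "admin", "pw_hash": "h2", "last_changed": "2024-07-15"}
]
"""
CURRENT_JSON = """
[
  {"username": "csaadmin", "role": "admin", "pw_hash": "h9", "last_changed": "2024-09-14"},
  {"username": "ops", "role": "admin", "pw_hash": "h2", "last_changed": "2024-07-15"},
  {"username": "support2", "role": "admin", "pw_hash": "h7", "last_changed": "2024-09-14"}
]
"""

WATCHED_FIELDS = ("role", "pw_hash", "last_changed")

def index_by_user(records: List[dict]) -> Dict[str, dict]:
    """Key a list of account records by username."""
    return {r["username"]: r for r in records}

def diff_admins(baseline: List[dict], current: List[dict]) -> Dict[str, list]:
    """Return added/removed usernames and (user, field, old, new) modifications."""
    base, cur = index_by_user(baseline), index_by_user(current)
    added = sorted(set(cur) - set(base))
    removed = sorted(set(base) - set(cur))
    modified: List[Tuple[str, str, str, str]] = []
    for user in sorted(set(base) & set(cur)):
        for field in WATCHED_FIELDS:
            if base[user].get(field) != cur[user].get(field):
                modified.append((user, field, base[user].get(field), cur[user].get(field)))
    return {"added": added, "removed": removed, "modified": modified}

def review(baseline_json: str = BASELINE_JSON, current_json: str = CURRENT_JSON) -> Dict[str, list]:
    """Parse both snapshots and return the diff; every finding warrants follow-up."""
    return diff_admins(json.loads(baseline_json), json.loads(current_json))

if __name__ == "__main__":
    result = review()
    for user in result["added"]:
        print(f"NEW ADMIN ACCOUNT: {user}")
    for user, field, old, new in result["modified"]:
        print(f"MODIFIED: {user} {field} {old!r} -> {new!r}")
```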

Based on evidence of active exploitation, CISA has added the vulnerability to its KEV catalog and set October 10, 2024 as the deadline for all federal agencies to remediate it.
