Ivanti releases patches to address CSA bugs

Ivanti has released patches for its Cloud Services Appliance (CSA) to address multiple vulnerabilities, including one that is actively being exploited in the wild.

The vulnerabilities affect CSA versions 5.0.1 and prior and include:

  • The first vulnerability, tracked as CVE-2024-9379 with a CVSS score of 6.5, is an SQL injection in the admin web console that allows attackers with admin privileges to run arbitrary SQL statements.
  • The second vulnerability, tracked as CVE-2024-9380 with a CVSS score of 7.2, is an OS command injection in the admin web console that enables attackers with admin privileges to gain remote code execution.
  • The third vulnerability, tracked as CVE-2024-9381 with a CVSS score of 7.2, is a path traversal vulnerability that allows attackers with admin privileges to bypass restrictions.

According to Ivanti, it is aware of a limited number of customers running CSA 4.6 whose appliances have been exploited. The exploitation involves chaining CVE-2024-9379, CVE-2024-9380, or CVE-2024-9381 with a previously addressed vulnerability, CVE-2024-8963, which could lead to unauthenticated remote code execution.

CVE-2024-8963, the vulnerability being chained with the newly discovered flaws, was incidentally addressed in previous versions of CSA 5.0 through the removal of unnecessary code.

Ivanti recommends that customers update to the latest version, 5.0.2, which contains fixes for all three vulnerabilities. Ivanti's CSA 4.6 is end-of-life and no longer receives security updates, so users still running CSA 4.6 are strongly encouraged to upgrade to version 5.0.2 to ensure their systems are protected.
