Significant Security Flaw Discovered in Ivanti Cloud Service Appliance Under Active Attack
In a recent disclosure, Ivanti announced that a newly patched security vulnerability in its Cloud Service Appliance (CSA) is currently being exploited in the wild. This serious issue, identified as CVE-2024-8190, has been assigned a CVSS score of 7.2, indicating a high level of severity and the potential for remote code execution under certain conditions.
According to Ivanti’s advisory released earlier this week, the vulnerability stems from an operating system command injection flaw affecting CSA versions 4.6 Patch 518 and earlier. This weakness allows a remote, authenticated attacker with administrative privileges to execute arbitrary commands on affected systems. The situation is made more serious by Ivanti's confirmation that the flaw has been exploited against a limited number of customers.
The affected Ivanti CSA version 4.6 has reached end-of-life status, necessitating immediate action from users to upgrade to a supported version. Ivanti has addressed this vulnerability in CSA 4.6 Patch 519 but warns that this will be the last fix made available for this version. Customers are urged to transition to Ivanti CSA 5.0, which is currently the only supported version and does not harbor this vulnerability.
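As an added example (not part of the article or of any Ivanti tooling), the following Python helper triages CSA version strings against the advisory facts above: 4.6 Patch 518 and earlier vulnerable, 4.6 Patch 519 fixed but end-of-life, 5.0 not affected. The "4.6 Patch 518" string format and the sample hostnames are assumptions.

```python
import re
from dataclasses import dataclass

# Added example: triage Ivanti CSA version strings for CVE-2024-8190.
# Facts from the article: 4.6 Patch 518 and earlier are vulnerable, 4.6 Patch 519
# is the final fix for the end-of-life 4.6 line, and CSA 5.0 is not affected.
# The "<major>.<minor> Patch <n>" string format is an assumption for this example.

FIXED_46_PATCH = 519

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*$", re.IGNORECASE)

@dataclass(frozen=True)
class CsaVersion:
    major: int
    minor: int
    patch: int  # 0 when no patch level is reported

def parse_csa_version(text: str) -> CsaVersion:
    """Parse strings such as '4.6 Patch 518' or '5.0'."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised CSA version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3)
    return CsaVersion(int(major), int(minor), int(patch) if patch else 0)

def assess_cve_2024_8190(text: str) -> str:
    """Return a triage verdict for one appliance's reported version."""
    v = parse_csa_version(text)
    if (v.major, v.minor) < (4, 6):
        # Older than 4.6 is not covered by the advisory text; flag for manual review.
        return "unsupported-unknown"
    if (v.major, v.minor) == (4, 6):
        if v.patch < FIXED_46_PATCH:
            return "vulnerable"
        return "patched-eol"  # fixed, but the 4.6 line receives no further fixes
    return "not-affected"  # 5.0 and later

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "csa-01.example.internal": "4.6 Patch 518",
        "csa-02.example.internal": "4.6 Patch 519",
        "csa-03.example.internal": "5.0",
        "csa-04.example.internal": "4.6",
    }
    for host, ver in sample.items():
        print(f"{host}: {ver} -> {assess_cve_2024_8190(ver)}")
```

A version reported without a patch level is treated as patch 0 and therefore vulnerable, which is the safe default for triage.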
In its update, Ivanti did not disclose the specifics of the ongoing attacks or the identities of those behind the exploitation. However, it is noteworthy that several vulnerabilities in Ivanti products have previously been targeted by cyberespionage groups from China, raising concerns about the potential involvement of state-sponsored threat actors.
The implications of this vulnerability have prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to include CVE-2024-8190 in its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies have been instructed to apply the necessary fixes before October 4, 2024, underscoring the urgency surrounding this issue.
These developments coincide with cybersecurity research by Horizon3.ai, which highlighted a separate critical deserialization vulnerability, CVE-2024-29847, affecting Ivanti Endpoint Manager (EPM) and rated with the maximum CVSS score of 10.0. Such critical vulnerabilities underscore the growing risks businesses face in managing and mitigating these threats.
Given the nature of this vulnerability and its exploitation, several MITRE ATT&CK framework tactics may have been utilized by malicious actors. These include initial access, through exploiting legitimate administrative credentials; privilege escalation, allowing attackers to gain higher-level access needed for command execution; and persistence, as attackers may establish backdoors for continued access.
Business owners need to remain vigilant and responsive to these threats, ensuring their systems and applications are up to date to mitigate potential risks. Awareness of such vulnerabilities is imperative for maintaining the integrity and security of organizational data and resources.
For those interested in staying informed on the latest cybersecurity developments, following reputable sources will provide critical insights into emerging threats and effective defensive strategies.
Source: https://thehackernews.com/2024/09/ivanti-warns-of-active-exploitation-of.html