Ivanti has disclosed a critical vulnerability in its Cloud Service Appliance (CSA) that is being actively exploited in the wild. The vulnerability, tracked as CVE-2024-8963, carries a CVSS score of 9.4 out of 10. It was inadvertently addressed in CSA versions 4.6 Patch 519 and 5.0.

According to Ivanti’s advisory, the flaw relates to a Path Traversal issue present in Ivanti CSA prior to Patch 519. This vulnerability enables a remote, unauthenticated attacker to access restricted functionalities. Furthermore, Ivanti cautioned that this vulnerability could potentially be combined with another identified flaw, CVE-2024-8190, which has a CVSS rating of 7.2. This combination would allow attackers to bypass administrative authentication and execute arbitrary commands on the appliance.

The exploitation of this vulnerability has raised significant concern within the cybersecurity community. Ivanti noted that it is aware of a limited number of customers who have been exploited through this vulnerability. This comes shortly after the company revealed attempted exploitation of CVE-2024-8190. The indication is that threat actors are chaining the two vulnerabilities to achieve unauthorized code execution on vulnerable devices.

The recent developments have garnered the attention of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), prompting the agency to incorporate the vulnerability into its Known Exploited Vulnerabilities (KEV) catalog. This inclusion necessitates that federal agencies implement the necessary security patches by October 10, 2024.

Professionals in the cybersecurity domain are strongly advised to upgrade to CSA version 5.0 promptly, as version 4.6 has reached its end-of-life and is no longer supported.

The primary targets of this vulnerability are organizations using Ivanti’s Cloud Service Appliance, which are likely based in the United States, given Ivanti’s operational footprint. In terms of adversary behavior, tactics from the MITRE ATT&CK framework, such as Initial Access and Privilege Escalation, could have been used in these attacks. Specifically, attackers might exploit the Path Traversal vulnerability to gain access and then leverage the authentication bypass to escalate privileges and execute malicious commands.

In summary, timely awareness of and action against these vulnerabilities are imperative for affected users to safeguard their systems against possible breaches. Businesses that rely on Ivanti’s CSA should prioritize applying the latest patches and consider evaluating their security measures to mitigate the risks associated with actively exploited vulnerabilities.
