In the wake of ongoing concerns over vulnerabilities in Ivanti’s Cloud Services Appliance (CSA), the company has identified three additional vulnerabilities that are currently being exploited in the wild, raising alarms among customers.
According to Ivanti, there has been limited exploitation of the vulnerabilities, which include CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381. These vulnerabilities are being chained together with a previously disclosed zero-day vulnerability, CVE-2024-8963, that was found in Ivanti’s CSA.
CVE-2024-9379 has a CVSS score of 6.5 and allows a remote authenticated attacker with privileges to run SQL statements. CVE-2024-9380, with a CVSS score of 7.2, is an operating system command injection vulnerability that can allow a remote authenticated attacker to execute code remotely with admin privileges. Lastly, CVE-2024-9381, also with a CVSS score of 7.2, is a path traversal vulnerability that allows a remote authenticated attacker to bypass restrictions with admin privileges.
These vulnerabilities were discovered on systems running CSA 4.6 patch 518 and earlier versions. Fortunately, there have been no reported cases of exploitation on systems running CSA 5.0.
In response to the vulnerabilities, Ivanti has issued recommendations to help customers secure their CSA. The company advises users to review the CSA for any modified or newly added administrative users and, if security tools are installed on the CSA, to review EDR alerts. Additionally, Ivanti strongly recommends using a layered approach to security and installing an EDR tool on the CSA.
If a user suspects that their system has been compromised, Ivanti recommends rebuilding the CSA with version 5.0 to mitigate any potential risks.
The discovery of these vulnerabilities underscores the importance of maintaining strong security measures and staying vigilant against potential threats. Customers are urged to follow Ivanti’s recommendations to protect their systems and prevent any unauthorized access or exploitation of their CSA.
As the cybersecurity landscape continues to evolve, companies like Ivanti play a crucial role in identifying and addressing vulnerabilities to ensure the integrity and security of their products. By taking proactive measures and staying informed about potential risks, users can help safeguard their systems and data from malicious actors.
