A critical vulnerability in Ivanti’s Cloud Services Appliance (CSA) has been actively exploited by attackers. The flaw, tracked as CVE-2024-8190, allows attackers to gain unauthorized access to sensitive data and execute arbitrary commands on vulnerable systems. The vulnerability exists in the CSA’s authentication mechanism and can be exploited by attackers who can send specially crafted requests to the CSA. This attack vector allows attackers to bypass the CSA’s security measures and gain access to the underlying operating system. The vulnerability has been exploited in the wild by a suspected nation-state adversary. There are strong indications that China is behind the attacks. Organizations using Ivanti CSA should prioritize patching the vulnerability immediately to reduce their risk of being compromised.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added three new security vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, due to confirmed reports of active exploitation in the wild. These vulnerabilities pose significant risks to organizations and require immediate attention. The three vulnerabilities added to the KEV Catalog include a format string vulnerability in multiple Fortinet products, a SQL injection vulnerability in Ivanti Cloud Services Appliance (CSA), and an OS command injection vulnerability in Ivanti CSA. The addition of these vulnerabilities to the KEV Catalog highlights the ongoing threat posed by malicious cyber actors who actively exploit known vulnerabilities. CISA urges all organizations to prioritize timely remediation of vulnerabilities listed in the KEV Catalog as part of their vulnerability management practices to reduce their exposure to cyberattacks.
Microsoft has released its October 2024 Patch Tuesday updates, addressing a total of 117 vulnerabilities across its ecosystem. This includes three critical vulnerabilities, two of which have been actively exploited in the wild, highlighting the importance of prompt patching to mitigate these risks. The first actively exploited vulnerability, CVE-2024-43572, is a remote code execution vulnerability in the Microsoft Management Console (MMC). It allows attackers to execute arbitrary code on a targeted system by tricking users into loading a malicious MMC snap-in. The second actively exploited vulnerability, CVE-2024-43573, is a platform spoofing vulnerability in Windows MSHTML. This vulnerability allows attackers to disguise themselves as trusted sources, potentially gaining unauthorized access to systems or data. The third critical vulnerability, CVE-2024-43468, is a remote code execution vulnerability in Microsoft Configuration Manager, which could allow attackers to execute commands on the targeted server or database without user interaction. The release also includes other critical vulnerabilities affecting various Microsoft products, including .NET, OpenSSH for Windows, Power BI, and Windows Hyper-V. Organizations are strongly advised to prioritize the installation of these security updates to protect their systems from potential attacks.
Three critical vulnerabilities, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, were found in Ivanti Cloud Services Appliance (CSA), a device facilitating secure communication and management of devices over the internet. CVE-2024-9379 is an SQL injection vulnerability, CVE-2024-9380 is an OS command injection flaw, and CVE-2024-9381 is a path traversal vulnerability. These vulnerabilities allow a remote authenticated attacker with admin privileges to execute arbitrary commands and bypass restrictions, potentially leading to a complete compromise of the CSA. Active exploitation of these vulnerabilities has been confirmed, and security teams are urged to prioritize patching.
Qualcomm released its monthly security bulletin in October 2024, addressing numerous vulnerabilities impacting its proprietary software and open-source components. Notably, one critical vulnerability in Qualcomm’s proprietary software and another in open-source components are actively exploited in the wild. The vulnerabilities impact Snapdragon mobile platforms and FastConnect solutions, posing a significant risk to system integrity and potentially allowing attackers to execute arbitrary code on affected devices. CVE-2024-43047, a high-severity Use-After-Free flaw in the DSP Service, has been confirmed to be under limited, targeted exploitation. Qualcomm has provided patches for this vulnerability, urging immediate deployment to mitigate the risk. CVE-2024-33066, another critical vulnerability in the WLAN Resource Manager, could lead to memory corruption and remote code execution (RCE), potentially allowing attackers to fully compromise the device. This vulnerability arises from improper input validation, making it crucial for users with affected devices to update their Snapdragon components to the latest firmware version as soon as possible.
A critical vulnerability, tracked as CVE-2024-8190, in Ivanti’s Cloud Services Appliance (CSA) version 4.6 has been actively exploited by attackers. This vulnerability allows for arbitrary code execution on the underlying operating system if an attacker gains administrative privileges, likely through weak passwords or brute-force attacks. Ivanti strongly recommends upgrading to CSA version 5.0 to mitigate this risk, as version 4.6 has reached end-of-life. This incident highlights the importance of timely software updates to address security vulnerabilities before they are exploited by malicious actors.
A critical vulnerability (CVE-2024-8190) in Ivanti’s Cloud Services Appliance (CSA) has been actively exploited by malicious actors. This vulnerability allows attackers to gain unauthorized access and control of affected systems via OS command injection. The flaw specifically impacts older versions of CSA, including 4.6 (all versions before patch 519). Running older product versions is risky because attackers can reuse existing exploits against vulnerable products and systems. The urgency of this situation highlights the need for organizations to update their CSA software to the latest patched version or, if they run versions older than CSA 5.0, to consider moving to a newer product that has been properly secured. CISA advises that affected users immediately upgrade to CSA version 5.0 or a newer version.
A critical vulnerability (CVE-2024-8963) affecting the Ivanti Cloud Services Appliance (CSA) has been identified as being actively exploited in the wild. This vulnerability allows attackers to bypass administrative controls, potentially enabling them to gain unauthorized access and execute commands on the system. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog, urging organizations to prioritize remediation efforts. Organizations that utilize the Ivanti CSA product should immediately apply the available patches and follow Ivanti’s security advisories to mitigate the risk of exploitation. Continuous monitoring and threat intelligence are necessary to stay informed about potential threats and vulnerabilities affecting your IT infrastructure.