A critical vulnerability (CVE-2024-8190) in Ivanti’s Cloud Services Appliance (CSA) has been actively exploited by malicious actors. This vulnerability allows attackers to gain unauthorized access and control of affected systems via OS command injection. The flaw specifically impacts older versions of CSA, including 4.6 (all versions before patch 519). The use of older versions of products can cause a lot of problems, as attackers can utilize old exploits against vulnerable products and systems. The urgency of this situation highlights the need for organizations to update their CSA software to the latest patched version or, if they have versions older than CSA 5.0, to consider adopting a newer product which has been properly secured. CISA advises that affected users immediately upgrade to CSA version 5.0, or a newer version.
A critical vulnerability (CVE-2024-8963) affecting the Ivanti Cloud Services Appliance (CSA) has been identified as being actively exploited in the wild. This vulnerability allows attackers to bypass administrative controls, potentially enabling them to gain unauthorized access and execute commands on the system. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog, urging organizations to prioritize remediation efforts. Organizations that utilize the Ivanti CSA product should immediately apply the available patches and follow Ivanti’s security advisories to mitigate the risk of exploitation. Continuous monitoring and threat intelligence are necessary to stay informed about potential threats and vulnerabilities affecting your IT infrastructure.
A critical vulnerability, CVE-2024-8963, affecting Ivanti’s Cloud Services Appliance (CSA) is under active exploitation by threat actors. This path traversal flaw allows remote attackers to bypass administrative controls and access restricted functionality, potentially leading to unauthorized access and arbitrary command execution. This vulnerability is chainable with a previously disclosed command injection vulnerability, CVE-2024-8190, which also allows attackers to bypass authentication and execute commands on the appliance, emphasizing the urgency of patching.
Powerful state actors, suspected to be Russian, have been utilizing sophisticated spyware exploits in a series of “watering hole” attacks. These exploits bear a striking resemblance to those created by NSO Group and Intellexa, indicating a potential link between state actors and commercial spyware vendors. This situation raises serious concerns about the potential misuse of advanced surveillance technologies and the need for stronger regulations to prevent their exploitation.