Ivanti has disclosed that a recently patched security vulnerability in its Cloud Service Appliance (CSA) is being actively exploited in the wild.
The vulnerability, known as CVE-2024-8190 with a CVSS score of 7.2, enables remote code execution under specific conditions.
According to Ivanti, \”An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier allows a remote authenticated attacker to achieve remote code execution. The attacker must possess admin level privileges to exploit this vulnerability.\”
The vulnerability affects Ivanti CSA 4.6, which has reached end-of-life status, necessitating customers to upgrade to a supported version moving forward. The issue has been resolved in CSA 4.6 Patch 519.
\”With the end-of-life status, this is the final fix that Ivanti will provide for this version,\” stated the Utah-based IT software company. \”Customers must upgrade to Ivanti CSA 5.0 for ongoing support.\”
\”CSA 5.0 is the only supported version and does not contain this vulnerability. Customers who are already using Ivanti CSA 5.0 do not need to take any further action.\”
Recently, Ivanti updated its advisory to report confirmed exploitation of the vulnerability in the wild targeting a limited number of customers.
No additional details regarding the attacks or the threat actors leveraging the vulnerability were disclosed. However, several other vulnerabilities in Ivanti products have been exploited as zero-day vulnerabilities by Chinese cyberespionage groups.
This development has led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to include the vulnerability in its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to apply the patches by October 4, 2024.
Furthermore, cybersecurity firm Horizon3.ai published an in-depth technical analysis of a critical deserialization vulnerability (CVE-2024-29847, CVSS score: 10.0) affecting Endpoint Manager (EPM), resulting in remote code execution.