DIVD-2024-00046 - Multiple critical vulnerablilties in Ivanti Cloud Services Appliance (CSA)
Our reference | DIVD-2024-00046 |
Case lead | Alwin Warringa |
Researcher(s) | |
CVE(s) | |
Products |
|
Versions |
|
Recommendation | Upgrade the Ivanti CSA 4.6 to CSA 5.0 |
Patch status | Patch available |
Workaround | none |
Status | Open |
Last modified | 20 Nov 2024 19:58 CET |
Summary
Ivanti has disclosed a critical vulnerability in Ivanti CSA 4.6 which was incidentally addressed in the patch released on 10 September (CSA 4.6 Patch 519). Successful exploitation could allow a remote unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190 an attacker can bypass admin authentication and execute arbitrary commands on the appliance.
Recommendations
To remediate CVE-2024-8963 and CVE-2024-8190, update to version 5.0. You can find a link to the Ivanti CSA bulletin at the bottom of this post.
What we are doing
DIVD is currently working to identify parties that are running a vulnerable version of Ivanti CSA and to notify these parties.
Timeline
Date | Description |
---|---|
24 Sep 2024 | DIVD starts researching the vulnerability. |
11 Nov 2024 | DIVD finds fingerprint, preparing to scan. |
11 Nov 2024 | Case opened and starting first scan. |
20 Nov 2024 | Second scan. |
20 Nov 2024 | Mails sent out. |