Skip to the content.

DIVD-2024-00046 - Multiple critical vulnerablilties in Ivanti Cloud Services Appliance (CSA)

Our reference DIVD-2024-00046
Case lead Alwin Warringa
Researcher(s)
CVE(s)
Products
  • Ivanti Cloud Services Appliance (CSA)
Versions
  • Ivanti CSA before 4.6 Patch 519
Recommendation Upgrade the Ivanti CSA 4.6 to CSA 5.0
Patch status Patch available
Workaround none
Status Open
Last modified 20 Nov 2024 19:58 CET

Summary

Ivanti has disclosed a critical vulnerability in Ivanti CSA 4.6 which was incidentally addressed in the patch released on 10 September (CSA 4.6 Patch 519). Successful exploitation could allow a remote unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190 an attacker can bypass admin authentication and execute arbitrary commands on the appliance.

Recommendations

To remediate CVE-2024-8963 and CVE-2024-8190, update to version 5.0. You can find a link to the Ivanti CSA bulletin at the bottom of this post.

What we are doing

DIVD is currently working to identify parties that are running a vulnerable version of Ivanti CSA and to notify these parties.

Timeline

Date Description
24 Sep 2024 DIVD starts researching the vulnerability.
11 Nov 2024 DIVD finds fingerprint, preparing to scan.
11 Nov 2024 Case opened and starting first scan.
20 Nov 2024 Second scan.
20 Nov 2024 Mails sent out.
gantt title DIVD-2024-00046 - Multiple critical vulnerablilties in Ivanti Cloud Services Appliance (CSA) dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2024-00046 - Multiple critical vulnerablilties in Ivanti Cloud Services Appliance (CSA) (still open) :2024-09-24, 2025-01-04 section Events DIVD starts researching the vulnerability. : milestone, 2024-09-24, 0d DIVD finds fingerprint, preparing to scan. : milestone, 2024-11-11, 0d Case opened and starting first scan. : milestone, 2024-11-11, 0d Second scan. : milestone, 2024-11-20, 0d Mails sent out. : milestone, 2024-11-20, 0d

More information