Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild.

The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was “incidentally addressed” by the company as part of CSA 4.6 Patch 519 and CSA 5.0.

“Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality,” the company said in a Thursday bulletin.

It also noted that the flaw could be chained with CVE-2024-8190 (CVSS score: 7.2), permitting an attacker to bypass admin authentication and execute arbitrary commands on the appliance.

Ivanti has further warned that it’s “aware of a limited number of customers who have been exploited by this vulnerability,” days after it disclosed active exploitation attempts targeting CVE-2024-8190.

This indicates that the threat actors behind the activity are combining the twin flaws to achieve code execution on susceptible devices.

The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by October 10, 2024.

Users are highly recommended to upgrade to CSA version 5.0 as soon as possible, as version 4.6 is end-of-life and no longer supported.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.