Skip to main content

Critical vulnerabilities could allow an attacker to bypass admin authentication and execute arbitrary commands on the appliance

Threat ID:CC-4552
Threat Severity:Medium
Published:20 September 2024 2:19 PM

Summary

Critical vulnerabilities could allow an attacker to bypass admin authentication and execute arbitrary commands on the appliance

Affected platforms

The following platforms are known to be affected:

Versions: CSA 4.6 (All versions before Patch 519)
Ivanti Endpoint ManagerAffects Cloud Services Appliance (CSA)

Threat details

Affected version has reached End-of-Life (EOL)

Ivanti Cloud Services Appliance (CSA) 4.6 is End-of-Life (EOL) and no longer receives patches for OS or third-party libraries. Please refer to Ivanti Endpoint Manager and Ivanti Endpoint Manager Security Suite and Ivanti Cloud Service Application (CSA) - End-of-Life (EOL) for the updated End-of-Life (EOL) dates matrix.

CSA 5.0 is the only supported version of the product and is not affected by this vulnerability.


Introduction

Ivanti has released security advisories addressing two vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). The Ivanti CSA is an Internet appliance that provides secure communication and functionality over the Internet. It falls under the primary product of Ivanti Endpoint Manager, but security fixes are maintained separately.

  • CVE-2024-8963 is a critical vulnerability with a CVSSv3 score of 9.4 that could allow a remote unauthenticated attacker to access restricted functionality.
  • CVE-2024-8190 is a high severity vulnerability with a CVSSv3 score of 7.2 that could lead to unauthorised access to the device running the CSA. 

Chained together, the two vulnerabilities can allow an attacker to achieve remote code execution (RCE) on the appliance. 


Exploitation of CVE-2024-8190 & CVE-2024-8963

Active exploitation of CVE-2024-8190 and CVE-2024-8963 have been observed in the wild.

Remediation advice

Affected organisations are strongly encouraged to review Security Advisory Ivanti CSA 4.6 (Cloud Services Appliance) (CVE-2024-8963) and Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190) for guidance to apply any relevant security updates.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-8963Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
StatusPublished
CVE-2024-8190An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

Last edited: 20 September 2024 2:19 pm

Back to top