Skip to main content

Updates address exploited vulnerabilities in Cloud Services Application and one critical vulnerability in Connect Secure and Policy Secure

Threat ID:CC-4559
Threat Severity:Medium
Published:9 October 2024 3:58 PM

Summary

Updates address exploited vulnerabilities in Cloud Services Application and one critical vulnerability in Connect Secure and Policy Secure

Affected platforms

The following platforms are known to be affected:

Versions: CSA Prior to 5.0.1
Ivanti Endpoint ManagerAffects Cloud Services Appliance (CSA)
Versions: Prior to 22.7R2.1
Ivanti Connect Secure
Versions: Prior to 22.7R1.1
Ivanti Policy Secure

Threat details

Exploitation chain of CVE-2024-8963 with CVE-2024-9379, CVE-2024-9380, or CVE-2024-9381

Ivanti has stated a limited number of customers running CSA 4.6 patch 518 and prior have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 is chained with CVE-2024-8963.

CVE-2024-8963 is a critical vulnerability with a CVSSv3 score of 9.4 that could allow a remote unauthenticated attacker to access restricted functionality. This vulnerability was previously discussed in Cyber Alert CC-4552 and noted as exploited. 


Introduction

Ivanti has released security advisories addressing vulnerabilities in multiple products.

Three vulnerabilities affecting Cloud Services Appliance (CSA) have been exploited by being chained together with previously patched vulnerability CVE-2024-8963.

  • CVE-2024-9381 has a CVSSv3 score of 7.2 and is a path traversal vulnerability in Ivanti CSA. If exploited, a remote authenticated attacker with admin privileges could bypass restrictions.
  • CVE-2024-9380 has a CVSSv3 score of 7.2 and is an OS command injection vulnerability in the admin web console of Ivanti CSA. If exploited, a remote authenticated attacker with admin privileges could achieve remote code execution (RCE).
  • CVE-2024-9379 has a CVSSv3 score of 6.5 and is an SQL injection vulnerability in the admin web console of Ivanti CSA. If exploited, a remote authenticated attacker with admin privileges could run arbitrary SQL statements.

Additionally, CVE-2024-37404 has a CVSSv3 score of 9.1 and is an improper input validation vulnerability in the admin portal of Ivanti Connect Secure or Ivanti Policy Secure. If exploited, a remote authenticated attacker could achieve remote code execution.

Remediation advice

Affected organisations are strongly encouraged to review the following security advisories and apply any relevant updates.

Definitive source of threat updates

CVE Vulnerabilities

StatusReserved
CVE-2024-37404
StatusPublished
CVE-2024-9379SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
StatusPublished
CVE-2024-9380An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
StatusPublished
CVE-2024-9381Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

Last edited: 9 October 2024 3:59 pm

Back to top