Saturday, September 21, 2024

Ivanti’s Cloud Service Attacked through Second Vuln


Less than two weeks after patching one flaw, Ivanti announced on Sept. 19 that a second, critical Cloud Services Appliance (CSA) vulnerability is being exploited in the wild.

The vulnerability (CVE-2024-8963, CVSS 9.4) is a path traversal in Ivanti CSA that allows a remote, unauthenticated attacker to access restricted functionality. Attackers have chained it with the previously disclosed flaw, CVE-2024-8190, a high-severity OS command injection flaw that can allow unauthorized access to devices. The chain can be exploited for remote code execution (RCE), if the attacker has admin-level privileges.

“If CVE-2024-8963 is used together with CVE-2024-8190 an attacker can bypass admin authentication and execute arbitrary instructions on the equipment,” the company said.

The news comes during an ongoing series of security issues Ivanti has faced since 2023.

Not First & Likely Not the Last

This year alone, Ivanti has faced flaw after flaw; in February, the Cybersecurity and Infrastructure Security Agency (CISA) ordered Ivanti VPN appliances be disconnected, rebuilt, and reconfigured in 48 hours, after there were concerns that multiple threat actors were exploiting security flaws found in the systems.

In April, foreign nation-state hackers took advantage of vulnerable Ivanti gateway devices and attacked MITRE, breaking its 15-year streak of being incident free. And MITRE wasn’t alone in this, as thousands of Ivanti VPN instances were compromised due to two unpatched zero-day vulnerabilities.

And in August, Ivanti’s Virtual Traffic Manager (vTM) harbored a critical vulnerability that could have led to authentication bypass and creation of an administrator user without the patch that the company provided.

“These known but unpatched vulnerabilities have emerged as a favorite target for attackers because they’re easy to exploit and oftentimes organizations don’t know that devices with EOL systems are still running in their network,” Greg Fitzgerald, co-founder of Sevco Security, said in an emailed statement to Dark Reading.

Security in an Ongoing Storm

To mitigate this threat, Ivanti recommends that its customers upgrade Ivanti CSA 4.6 to CSA 5.0. They can also update CSA 4.6 Patch 518 to Patch 519; however, this product has entered end of life, so it is recommended to upgrade to CSA 5.0 instead.

In addition to this, Ivanti recommends that all customers ensure dual-homed CSA configurations with eth0 as an internal network.

Customers should review the CSA for modified or newly added administrators if they are concerned that they may have been compromised. If users have endpoint detection and response (EDR) installed, it is recommended to review those alerts as well.

Users can request help or ask questions by logging a case or requesting a call through Ivanti’s Success Portal.


