CVE-2024-11639 (CVSS 10) – Critical Flaw in Ivanti Cloud Services Application: Immediate Patch Recommended
Ivanti has released security updates for the Ivanti Cloud Services Application (CSA) that address three vulnerabilities: an authentication bypass, a command injection leading to remote code execution (RCE), and an SQL injection. Ivanti reported no known exploitation in the wild at the time of disclosure, but the bypass is reachable without credentials and yields administrative access, so organizations running CSA are strongly urged to update immediately.
- CVE-2024-11639 (CVSS 10.0): An authentication bypass in the admin web console allows a remote, unauthenticated attacker to gain administrative access.
- CVE-2024-11772 (CVSS 9.1): A command injection allows a remote attacker who is authenticated with admin privileges to execute arbitrary code on the appliance.
- CVE-2024-11773 (CVSS 9.1): An SQL injection in the admin web console allows a remote attacker with admin privileges to run arbitrary SQL statements.
The admin privileges that the second and third issues require are exactly what the first one hands to an unauthenticated attacker, so the "authenticated" qualifier on CVE-2024-11772 and CVE-2024-11773 should not be read as a mitigating factor on an unpatched appliance.
The vulnerabilities affect CSA 5.0.2 and earlier. Ivanti urges all customers to update to CSA version 5.0.3 immediately; the update is available through the Ivanti download portal. Because the bypass targets the admin web console, restricting network access to that console until the update is applied reduces exposure, but it is not a substitute for patching.
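The practical question for most teams is simply which CSA appliances are still below the fixed release. The following is an added triage helper, not code from Ivanti or from the article: it parses dotted version strings numerically (so that a hypothetical 5.0.10 is not mis-sorted below 5.0.3 by string comparison) and flags every build older than 5.0.3. The inventory records, the host names and the `triage` record layout are constructed assumptions for the example.

```python
"""
Added example (not from the Ivanti advisory or this article): flag Ivanti CSA
builds older than the fixed release 5.0.3 in a host inventory.

Assumptions (not from the advisory):
  - CSA version strings are dotted integers such as "5.0.2"; any trailing
    non-numeric suffix is ignored for ordering.
  - Inventory records are dicts with "host" and "version" keys; the sample
    inventory below is constructed, not real hosts.
"""
import re
from typing import Dict, List, Tuple

FIXED_VERSION = "5.0.3"  # from the advisory: fix ships in CSA 5.0.3
CVES = ("CVE-2024-11639", "CVE-2024-11772", "CVE-2024-11773")


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '5.0.2' or '5.0' into a tuple of ints for numeric comparison.

    Integer comparison avoids the classic string-compare bug where
    '5.0.10' < '5.0.3'. Parsing stops at the first non-numeric component.
    """
    nums: List[int] = []
    for part in re.split(r"[.\s-]+", v.strip()):
        if part.isdigit():
            nums.append(int(part))
        else:
            break
    if not nums:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(nums)


def version_lt(a: str, b: str) -> bool:
    """True if version a is older than b; shorter tuples are zero-padded so 5.0 == 5.0.0."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) < tb + (0,) * (n - len(tb))


def is_vulnerable(version: str) -> bool:
    """Anything below 5.0.3 (including end-of-life 4.6 builds) needs the upgrade."""
    return version_lt(version, FIXED_VERSION)


def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return the hosts that still need CSA 5.0.3, with the CVEs they are exposed to."""
    findings: List[Dict[str, object]] = []
    for rec in inventory:
        if is_vulnerable(rec["version"]):
            findings.append({
                "host": rec["host"],
                "version": rec["version"],
                "cves": list(CVES),
                "action": f"upgrade to CSA {FIXED_VERSION}",
            })
    return findings


# Constructed sample inventory (hypothetical hosts and builds, not real data).
SAMPLE_INVENTORY = [
    {"host": "csa-01.example.internal", "version": "5.0.2"},   # affected
    {"host": "csa-02.example.internal", "version": "5.0.3"},   # fixed release
    {"host": "csa-03.example.internal", "version": "5.0.10"},  # hypothetical later build; string compare would wrongly flag it
    {"host": "csa-legacy.example.internal", "version": "4.6.0"},  # end-of-life branch, still flagged
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

Feed the function the version column of whatever asset inventory you already keep; the only output that matters is the list of hosts that still need the 5.0.3 update.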
CVE-2024-11639, with the maximum CVSS score of 10.0, is the one that matters most: it needs no credentials, and the administrative access it grants is the precondition for the code execution and SQL injection issues. Successful exploitation could result in full compromise of the appliance, theft of the data it handles, and a foothold for attacks on the systems it connects to.
Although no exploitation in the wild had been reported at the time of writing, CSA has already been targeted this year (see the related posts on CVE-2024-8190 and CVE-2024-8963), so unpatched appliances should be assumed to attract attention quickly. Organizations using Ivanti CSA should update to 5.0.3 now and confirm that no instance remains on an earlier build.
Related Posts:
- Ivanti Connect Secure, Policy Secure and Secure Access Client Affected by Critical Vulnerabilities
- Suspected Nation-State Adversary Exploits Ivanti CSA in a Series of Sophisticated Attacks
- CISA & Ivanti Warn of Active Exploitation Cloud Services Appliance Flaw CVE-2024-8190
- Critical Flaw in Ivanti CSA 4.6: CVE-2024-8963 Actively Exploited, Urgent Upgrade Required