Ivanti Patches CSA Appliance Against Vulnerabilities, Including Actively Exploited Flaws

CVE-2024-9379, CVE-2024-9380, CVE-2024-9381

Ivanti has recently released urgent security updates for its Cloud Services Appliance (CSA) to address multiple vulnerabilities, including one that is actively being exploited in the wild. The company urges all users to update their systems immediately to prevent potential compromise.

The vulnerabilities affect CSA versions 5.0.1 and prior and include:

  • CVE-2024-9379 (CVSS 6.5): SQL injection in the admin web console, allowing attackers with admin privileges to run arbitrary SQL statements.
  • CVE-2024-9380 (CVSS 7.2): OS command injection in the admin web console, enabling attackers with admin privileges to gain remote code execution.
  • CVE-2024-9381 (CVSS 7.2): Path traversal vulnerability allowing attackers with admin privileges to bypass restrictions.

“We are aware of the exploitation of a limited number of customers on CSA 4.6,” Ivanti stated in its security advisory. This exploitation involves chaining CVE-2024-9379, CVE-2024-9380, or CVE-2024-9381 with a previously addressed vulnerability, CVE-2024-8963, which could “lead to unauthenticated remote code execution.”

While these vulnerabilities are present in CSA 5.0, Ivanti assures users that “we have not observed exploitation of these vulnerabilities in any version of CSA 5.0.” However, the company emphasizes the importance of updating to the latest version, 5.0.2, which contains fixes for all three vulnerabilities.

Interestingly, CVE-2024-8963, the vulnerability being chained to exploit the newly discovered flaws, “was incidentally addressed in previous versions of CSA 5.0 with the removal of unnecessary code.”

Ivanti’s CSA 4.6 is end-of-life and no longer receiving security updates. “The last security fix for this version was released on September 10,” the advisory notes. Users still running CSA 4.6 are strongly encouraged to upgrade to version 5.0.2 to ensure their systems are protected.
