Active Exploitation of Vulnerabilities in Ivanti Cloud Services Appliance

Published on 23 Sep 2024

Ivanti has released updates addressing multiple vulnerabilities (CVE-2024-8190 and CVE-2024-8963) in their Cloud Services Appliance (CSA). The vulnerabilities are reportedly being actively exploited.

The vulnerabilities are:
• CVE-2024-8190: Successful exploitation of the command injection vulnerability could allow a remote authenticated attacker with administrative privileges to perform remote code execution.
• CVE-2024-8963: Successful exploitation of the path traversal vulnerability could allow a remote unauthenticated attacker to access restricted functionality on affected systems.

Both vulnerabilities can be chained by attackers to bypass admin authentication and perform remote code execution on vulnerable appliances.

These vulnerabilities affect Ivanti CSA versions prior to 4.6 Patch 519.

Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here: