Ivanti’s Cloud Service Attacked through Second Vuln

Less than two weeks after patching one flaw, Ivanti announced on Sept. 19 that a second, critical Cloud Services Appliance (CSA) vulnerability is being exploited in the wild.

The vulnerability (CVE-2024-8963, CVSS 9.4) is a path traversal in Ivanti CSA that allows a remote, unauthenticated attacker to access restricted functionality. Attackers have chained it with the previously disclosed flaw, CVE-2024-8190, a high-severity OS command injection vulnerability that can allow unauthorized access to devices. The chain can be exploited for remote code execution (RCE) if the attacker has admin-level privileges.

“If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker can bypass admin authentication and execute arbitrary commands on the appliance,” the company said.

The news comes amid an ongoing series of security issues Ivanti has faced since 2023.

Not the First & Likely Not the Last

This year alone, Ivanti has faced flaw after flaw. In February, the Cybersecurity and Infrastructure Security Agency (CISA) ordered that Ivanti VPN appliances be disconnected, rebuilt, and reconfigured within 48 hours, after concerns that multiple threat actors were exploiting security flaws found in the systems.

In April, foreign nation-state hackers took advantage of vulnerable Ivanti gateway devices and attacked MITRE, breaking its 15-year streak of being incident-free. And MITRE wasn't alone: thousands of Ivanti VPN instances were compromised as a result of two unpatched zero-day vulnerabilities.

And in August, Ivanti's Virtual Traffic Manager (vTM) harbored a critical vulnerability that could have led to authentication bypass and the creation of an administrator user on systems without the patch the company provided.

“These known but unpatched vulnerabilities have emerged as a favorite target for attackers because they're easy to exploit and oftentimes organizations don't know that devices with EOL systems are still running in their network,” Greg Fitzgerald, co-founder of Sevco Security, said in an emailed statement to Dark Reading.

Security in an Ongoing Storm

To mitigate this threat, Ivanti recommends that its customers upgrade Ivanti CSA 4.6 to CSA 5.0. They can also update CSA 4.6 Patch 518 to Patch 519; however, that product has reached end of life, so upgrading to CSA 5.0 is recommended instead.

In addition, Ivanti recommends that all customers ensure dual-homed CSA configurations with eth0 as an internal network.

Customers who are concerned that they may have been compromised should review the CSA for modified or newly added administrators. If users have endpoint detection and response (EDR) installed, reviewing those alerts is recommended as well.
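As an added example that is not from the article or from Ivanti, the following Python check audits the dual-homed recommendation above. It assumes the interface listing has the shape of `ip -4 -o addr show` output, treats RFC 1918 ranges as "internal" (an assumption, not an Ivanti definition), and runs against a constructed sample listing.

```python
import ipaddress
import re
import subprocess

# RFC 1918 ranges: what this check treats as "internal" for eth0 (an assumption,
# not an Ivanti definition of "internal network").
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the shape of `ip -4 -o addr show` on a dual-homed host:
# eth0 on a private range, eth1 on a documentation (TEST-NET-3) address.
SAMPLE_IP_ADDR_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 10.20.30.40/24 brd 10.20.30.255 scope global eth0\\       valid_lft forever preferred_lft forever
3: eth1    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth1\\       valid_lft forever preferred_lft forever
"""

_LINE_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")

def parse_ip_addr(output):
    """Map interface name -> list of IPv4Interface objects, skipping loopback."""
    ifaces = {}
    for line in output.splitlines():
        m = _LINE_RE.match(line)
        if not m or m.group(1) == "lo":
            continue
        ifaces.setdefault(m.group(1), []).append(ipaddress.ip_interface(m.group(2)))
    return ifaces

def check_dual_homed(ifaces, internal="eth0"):
    """Return (ok, findings): eth0 must carry only RFC 1918 addresses and the host
    must have at least one other non-loopback interface (the outward-facing side)."""
    findings = []
    addrs = ifaces.get(internal, [])
    if not addrs:
        findings.append(f"{internal} has no IPv4 address")
    for a in addrs:
        if not any(a.ip in net for net in RFC1918):
            findings.append(f"{internal} carries non-internal address {a.ip}")
    if len(ifaces) < 2:
        findings.append("host is single-homed: only one non-loopback interface")
    return (not findings, findings)

def check_live_host():
    """Run the same check against this host's real interface list (Linux, iproute2)."""
    out = subprocess.run(["ip", "-4", "-o", "addr", "show"],
                         capture_output=True, text=True, check=True).stdout
    return check_dual_homed(parse_ip_addr(out))
```

A failing result is a configuration finding to fix, not a sign of compromise; the administrator review and EDR alert review described above remain separate steps.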

Users can request help or ask questions by logging a case or requesting a call via Ivanti's Success Portal.
