Priya PatelTLDR:
- Hackers exploited a high-severity vulnerability in Ivanti Cloud Service Appliance version 4.6, listed as CVE-2024-8190.
- Ivanti urged customers to upgrade to version 5.0 to receive support as version 4.6 reached end of life.
Hackers have exploited a high-severity vulnerability in Ivanti Cloud Service Appliance version 4.6 and before, just days after the company released security updates. The vulnerability, listed as CVE-2024-8190, allows an authenticated attacker to obtain remote code execution with a CVSS score of 7.2. Ivanti has urged customers to upgrade to version 5.0 to receive continued support. The Cybersecurity and Infrastructure Security Agency has added the vulnerability to its known exploited vulnerabilities catalog and federal agencies are required to address the vulnerabilities by a specific date. This incident highlights the importance of keeping software updated and the potential risks associated with using end-of-life applications.
