Priya PatelTLDR:
- Ivanti’s Cloud Service Appliance (CSA) is vulnerable to remote code execution due to a recently patched flaw (CVE-2024-8190).
- The flaw has been actively exploited in the wild, prompting Ivanti to release a patch (CSA 4.6 Patch 519).
Full Article
Ivanti has disclosed that its Cloud Service Appliance (CSA) is facing an active exploitation of a newly patched vulnerability (CVE-2024-8190) that allows remote code execution. This high-severity flaw affects Ivanti CSA 4.6, which has reached end-of-life status, necessitating customers to upgrade to CSA 5.0 for continued support. The flaw is addressed in the latest patch, CSA 4.6 Patch 519.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to apply the fixes by October 4, 2024. Ivanti has observed confirmed exploitation of the flaw in the wild, targeting a limited number of customers, although specific details about the attacks are currently undisclosed.
In a separate development, cybersecurity company Horizon3.ai has published a technical analysis of a critical deserialization vulnerability (CVE-2024-29847) affecting Endpoint Manager (EPM) that also leads to remote code execution. It is crucial for organizations to stay vigilant and apply necessary patches to mitigate the risks posed by these vulnerabilities.
