Ivanti warns that it has discovered another major security hole in its systems
- Ivanti finds a 10/10 severity flaw in the Cloud Services Appliance
- This allows hackers to gain administrative rights
- The bug has been fixed in version 5.0.3, with users urged to update now
Ivanti is warning customers that an older version of its Cloud Services Appliance (CSA) solution contains a vulnerability of the highest severity (10/10), and has urged them to upgrade to the latest version as soon as possible.
The critical flaw is described as an authentication bypass in the admin web console of CSA version 5.0.2, allowing remote, unauthenticated attackers to gain administrative privileges.
The bug, tracked as CVE-2024-11639, was given the maximum severity rating because it does not require any user interaction to be exploited.
To address this issue, users need to upgrade their devices to version 5.0.3. Fortunately, there is still no evidence of exploitation in the wild.
There are no indications of abuse yet
“We are not aware of any customers being exploited by these vulnerabilities prior to their disclosure. These vulnerabilities were disclosed through our responsible disclosure program,” Ivanti noted, adding that no PoC has yet been published anywhere. “Currently, there is no known public exploitation of these vulnerabilities that could be used to create a list of indicators of compromise.”
However, if history is any guide, critical CSA vulnerabilities will sooner or later be exploited.
In late September 2024, it was reported that a critical path traversal vulnerability in CSA was being actively exploited in the wild to grant access to limited product functionality. That bug was also added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. It was resolved in version 5.0.
Ivanti CSA is a platform that provides cloud-based solutions for security, automation and operations. It integrates Ivanti’s various IT management capabilities into a comprehensive cloud environment. The appliance allows companies to streamline their IT operations and provides features such as endpoint management, patch management, software distribution and vulnerability scanning in a cloud-based architecture.
Via BleepingComputer