According to Ivanti, there has been active exploitation of a severe security weakness affecting cloud service appliances (CSA) in the field.
With a maximum CVSS score of 10.0, the new vulnerability, with the CVE identifier CVE-2024-8963, has a score of 9.4. The business “incidentally addressed” it in CSA 5.0 and CSA 4.6 Patch 519.
“Path traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote, unauthenticated attacker to access restricted functionality,” the company said in a Thursday bulletin.
The vulnerability might be combined with CVE-2024-8190 (CVSS score: 7.2), according to the report, which would allow an attacker to get around admin authentication and use the appliance to carry out arbitrary operations.
Ivanti has further warned that it’s “aware of a limited number of customers who have been exploited by this vulnerability,” days after it disclosed active exploitation attempts targeting CVE-2024-8190.
This suggests that the activity’s threat actors are combining the two vulnerabilities to allow code execution on vulnerable devices.
The vulnerability was added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog as a result of the development, and federal agencies are now required to implement the solutions by October 10, 2024.
It is strongly advised that users update to CSA version 5.0 as soon as possible, since version 4.6 is no longer maintained and is nearing the end of its life.
Also read: Automation in Oil and Gas: Horizons and Expectations for the Next 5 Years
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
