Critical Security Updates Released for Ivanti Cloud Services Application (CSA) and Connect Secure Products

Ivanti has issued critical security updates to address multiple vulnerabilities in its Cloud Services Application (CSA) and Connect Secure products. These flaws, if exploited, could lead to privilege escalation and remote code execution (RCE), posing significant risks to organizations relying on these tools.

Threat alert
December 11, 2024


Key Vulnerabilities and Risks

CVE-2024-11639 (CVSS: 10.0) – Authentication bypass in the CSA admin web console could allow remote and unauthenticated attackers to gain administrative access.

CVE-2024-11772 (CVSS: 9.1) – Command injection vulnerability in the CSA admin web console. Remote authenticated attackers with admin privileges can execute arbitrary commands.

CVE-2024-11773 (CVSS: 9.1) – Remote authenticated attackers with admin privileges can execute arbitrary SQL queries in the CSA admin web console.

CVE-2024-11633 (CVSS: 9.1) – Argument injection in Connect Secure that allows remote authenticated attackers to achieve RCE.

CVE-2024-11634 (CVSS: 9.1) – Command injection in Connect Secure and Policy Secure that enables threat actors to execute arbitrary code.

Affected Versions

  • Cloud Services Application (CSA) versions prior to 5.0.3.
  • Ivanti Connect Secure (ICS) versions prior to 22.7R2.4.
  • Ivanti Policy Secure (IPS) versions prior to 22.7R1.2.

Mitigations

  • Cloud Services Application (CSA): update to version 5.0.3.
  • Ivanti Connect Secure (ICS): update to version 22.7R2.4.
  • Ivanti Policy Secure (IPS): update to version 22.7R1.2.

Administrators are strongly urged to update affected systems immediately. Detailed upgrade guidance is available in Ivanti’s support documentation.

Although the vendor confirmed that, so far, there are no reports of exploitation of these vulnerabilities in the wild, companies are advised to remain vigilant and patch the affected software. We are monitoring for any emerging indicators of compromise and monitoring the systems for any suspicious activity.