Ivanti Zero-Day vulnerabilities: CVE-2024-9379, CVE-2024-9380 and CVE-2024-9381

Ivanti issued a security update for three new zero-day vulnerabilities in its Cloud Services Appliance (CSA), which are being reported as exploited. These are tracked under CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381.

Threat alert
October 9, 2024

CVE-2024-9379 is a SQL injection flaw in the admin web console of Ivanti CSA that allows an attacker with admin privileges to run arbitrary SQL statements.

CVE-2024-9380 is an OS command injection vulnerability in the admin web console. Similarly, an attacker with admin privileges can achieve remote code execution.

CVE-2024-9381 is a path traversal flaw that allows an attacker with admin privileges to bypass restrictions.

The vulnerabilities affect CSA versions prior to 5.0.2; however, Ivanti stated that it has observed exploitation only in version 4.6 patch 518 and prior. Businesses are urged to upgrade to version 5.0.2 to mitigate any threats.
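
The version guidance above can be turned into an inventory triage, shown here as an added example that is not from Ivanti or the original alert. The version-string formats, hostnames and status labels are assumptions constructed for illustration.

```python
import re

# Thresholds taken from the alert text above.
FIXED = (5, 0, 2, 0)            # upgrade target: 5.0.2
EXPLOITED_MAX = (4, 6, 0, 518)  # exploitation observed in 4.6 patch 518 and prior

# Assumed string shapes: "5.0.1", "4.6 patch 518", "CSA 4.6 Patch 512".
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\s*patch\s*(\d+))?", re.I)

# Lower number = review first. Unknown versions rank above known-affected
# ones because they may still fall in the exploited range.
PRIORITY = {"exploited-range": 0, "unknown": 1, "affected": 2, "fixed": 3}

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("csa-a.example.internal", "4.6 patch 518"),
    ("csa-b.example.internal", "5.0.2"),
    ("csa-c.example.internal", "5.0.1"),
    ("csa-d.example.internal", "not reported"),
    ("csa-e.example.internal", "CSA 4.6 Patch 512"),
]

def parse_version(text):
    """Return (major, minor, micro, patch), or None if nothing parses."""
    m = _VERSION.search(text)
    if m is None:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def classify(text):
    """Map a reported version string to a triage status."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v >= FIXED:
        return "fixed"            # fixed for these three CVEs per the alert
    if v <= EXPLOITED_MAX:
        return "exploited-range"  # patch first, then review for compromise
    return "affected"             # vulnerable, no exploitation reported

def triage(inventory):
    """Return (host, version, status) rows ordered by review priority."""
    rows = [(host, ver, classify(ver)) for host, ver in inventory]
    return sorted(rows, key=lambda r: (PRIORITY[r[2]], r[0]))

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{status:16} {host:26} {version}")
```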

We recommend that customers review the broker logs on their local systems for any suspicious modification attempts or inconsistent activity. Additionally, we are conducting proactive threat hunts to ensure our customers' safety. For more information, refer to the Ivanti advisory.