Advisory September 16, 2024

Ivanti CSA High-Risk Vulnerability with CVE-2024-8190

The Obrela Threat Intelligence Team

A vulnerability has been identified in Ivanti Cloud Services Appliance (CSA) 4.6. The vulnerability could allow for OS Command Injection against the host device. The vulnerability (CVE-2024-8190) has a High CVSSv3.1 score of 7.2 out of 10.

 

Description:

Ivanti made customers aware of a security update released for version 4.6 of Cloud Services Appliance, which resolved an OS Command Injection vulnerability that allows remote authenticated attackers to obtain remote code execution capabilities on the target. Although version 4.6 of the software is End-of-Life in favor of the currently supported 5.0, several organizations have not made the transition yet.

On September 13, Ivanti confirmed exploitation of the vulnerability in the wild following reports from customers. This underlines the need to promptly upgrade to the up-to-date, known-safe version 5.0.

 

Affected Versions:

Ivanti Cloud Services Appliance (CSA) version 4.6 (before patch 519) is vulnerable to the attack.

 

Recommendations:

  • Ensure Ivanti CSA is on version 5.0. If a prompt upgrade from 4.6 is not currently possible, ensure it has patch 519 applied.
  • If the CSA has been on a vulnerable version at any point since September 10, Ivanti recommends reviewing it for modified or newly added administrative users, which is activity indicative of exploitation.
  • Ensure automatic updates are enabled for future instances.

 

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-8190

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190

https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance
