Securinc

Security Advisory: Critical Vulnerability in Ivanti Cloud Services Appliance (CSA) CVE-2024-8190

 


Ivanti has issued a security update for the Cloud Services Appliance (CSA) 4.6 to address a critical vulnerability (CVE-2024-8190) that poses a high risk of unauthorized access. This vulnerability allows remote authenticated attackers with administrative privileges to execute arbitrary code on the CSA, leading to potential full system compromise. The vulnerability has been given a CVSS score of 7.2, categorizing it as “high severity.”

Vulnerability Summary

The flaw, identified as an OS command injection vulnerability, impacts CSA versions 4.6 Patch 518 and earlier. The vulnerability is specific to systems running these outdated versions, with dual-homed CSA configurations—those with ETH-0 on internal networks—being significantly less vulnerable to exploitation. Ivanti has made it clear that this vulnerability does not affect CSA 5.0, which is the latest and only supported version.

End-of-Life for CSA 4.6

CSA 4.6 has officially reached its end-of-life and no longer receives operating system or third-party library patches. Ivanti has confirmed that this is the last security patch that will be backported to CSA 4.6, meaning users must now upgrade to CSA 5.0 to continue receiving security updates and product support. Ivanti CSA 5.0, which does not contain this vulnerability, remains the recommended version.

Confirmed Exploitation in the Wild

While there were no reports of exploitation at the time of the vulnerability’s initial disclosure on September 10, 2024, Ivanti has since confirmed that a limited number of customers have been affected by exploits following public disclosure. Ivanti advises customers to review their systems for any suspicious administrative user accounts or unusual activity in broker logs, and to assess Endpoint Detection and Response (EDR) alerts if such systems are in place.

Affected Versions

  • Product Name: Ivanti Cloud Services Appliance (CSA)
  • Affected Versions: CSA 4.6 (all versions before Patch 519)
  • Resolved Versions: CSA 5.0 and CSA 4.6 Patch 519

Patch and Upgrade Guidance

Customers using CSA 4.6 Patch 518 or earlier are strongly advised to apply Patch 519. However, Ivanti emphasizes that upgrading to CSA 5.0 is the recommended long-term solution, as CSA 4.6 is now deprecated and will no longer receive any security updates. Customers already on CSA 5.0 do not need to take further action.


Mitigation and Prevention

Ivanti recommends the following actions to mitigate risks:

  1. Upgrade to Ivanti CSA 5.0.
  2. For dual-homed configurations, ensure ETH-0 is configured as an internal network interface.
  3. Monitor your CSA systems for any unauthorized administrative users and examine logs for unusual activity.
  4. Customers who need assistance are encouraged to reach out through Ivanti’s Success Portal.
 

For further information or assistance, customers are encouraged to contact Ivanti through their support channels.
