Ivanti has issued a security update for the Cloud Service Appliance (CSA) 4.6 to address a critical vulnerability (CVE-2024-8190) that poses a high risk of unauthorized access. This vulnerability allows remote authenticated attackers with administrative privileges to execute arbitrary code on the CSA, leading to potential full system compromise. The vulnerability has been given a CVSS score of 7.2, categorizing it as “high severity.”
The flaw, identified as an OS command injection vulnerability, impacts CSA versions 4.6 Patch 518 and earlier. The vulnerability is specific to systems running these outdated versions, with dual-homed CSA configurations—those with ETH-0 on internal networks—being significantly less vulnerable to exploitation. Ivanti has made it clear that this vulnerability does not affect CSA 5.0, which is the latest and only supported version.
CSA 4.6 has officially reached its end-of-life and no longer receives operating system or third-party library patches. Ivanti has confirmed that this is the last security patch that will be backported to CSA 4.6, meaning users must now upgrade to CSA 5.0 to continue receiving security updates and product support. Ivanti CSA 5.0, which does not contain this vulnerability, remains the recommended version.
While there were no reports of exploitation at the time of the vulnerability’s initial disclosure on September 10, 2024, Ivanti has since confirmed that a limited number of customers have been affected by exploits following public disclosure. Ivanti advises customers to review their systems for any suspicious administrative user accounts or unusual activity in broker logs, and to assess Endpoint Detection and Response (EDR) alerts if such systems are in place.
Customers using CSA 4.6 Patch 518 or earlier are strongly advised to apply Patch 519. However, Ivanti emphasizes that upgrading to CSA 5.0 is the recommended long-term solution, as CSA 4.6 is now deprecated and will no longer receive any security updates. Customers already on CSA 5.0 do not need to take further action.
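As an added example (not Ivanti's tooling), the following script turns the two checks above into code: it maps a CSA version string to the action the advisory calls for, and it flags administrative accounts that are absent from an approved baseline or were created on or after the September 10, 2024 disclosure date. The version-string format, the account-record shape and the sample data are assumptions constructed for this example.

```python
import re
from datetime import date

# Assumptions: the version-string format and the (name, role, created) record
# shape are constructed for this example, not Ivanti's own formats.
DISCLOSURE_DATE = date(2024, 9, 10)  # initial public disclosure of CVE-2024-8190
LAST_VULNERABLE_PATCH = 518          # CSA 4.6 Patch 518 and earlier are affected

VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?$", re.IGNORECASE)


def triage_version(version):
    """Return the recommended action for a CSA version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised CSA version: {version!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), m.group(3)
    if (major, minor) >= (5, 0):
        return "not affected"                      # CSA 5.0 does not contain the flaw
    if (major, minor) == (4, 6):
        # An unknown patch level is treated conservatively as unpatched.
        if patch is None or int(patch) <= LAST_VULNERABLE_PATCH:
            return "vulnerable: apply Patch 519 now, then upgrade to 5.0"
        return "patched 4.6: upgrade to 5.0 (4.6 is end-of-life)"
    return "unsupported release: upgrade to 5.0"


def suspicious_admins(accounts, baseline):
    """Flag admin accounts not in the approved baseline, or created on/after
    the public disclosure date, for manual review."""
    flagged = []
    for name, role, created in accounts:
        if role != "admin":
            continue
        if name not in baseline or created >= DISCLOSURE_DATE:
            flagged.append(name)
    return flagged


# Constructed sample data for demonstration (not from any real appliance).
BASELINE_ADMINS = {"csa-admin", "ops-admin"}
SAMPLE_ACCOUNTS = [
    ("csa-admin", "admin", date(2023, 1, 15)),
    ("ops-admin", "admin", date(2023, 6, 2)),
    ("svc-backup", "user", date(2024, 3, 3)),
    ("support1", "admin", date(2024, 9, 14)),   # new admin after disclosure
]

if __name__ == "__main__":
    print(triage_version("4.6 Patch 518"))
    print(suspicious_admins(SAMPLE_ACCOUNTS, BASELINE_ADMINS))
```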
Links to Patches and Upgrades:
Ivanti recommends the following actions to mitigate risks:
For further information or assistance, customers are encouraged to contact Ivanti through their support channels.