Ivanti Alerts Public to Active Exploitation of Recently Patched Cloud Appliance Vulnerability

Ivanti has disclosed that a recently patched security vulnerability in its Cloud Services Appliance (CSA) is being actively exploited in the wild.

The vulnerability, tracked as CVE-2024-8190 (CVSS score: 7.2), allows for remote code execution under certain conditions.

“An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier enables a remote authenticated attacker to achieve remote code execution,” Ivanti explained in a recent advisory. “The attacker must have admin privileges to exploit this vulnerability.”

The vulnerability affects Ivanti CSA 4.6, which has reached end-of-life status, so customers need to upgrade to a supported version. The issue has been resolved in CSA 4.6 Patch 519.

“Since this version is at end-of-life, this is the final patch that Ivanti will provide,” the Utah-based company stated. “Customers must transition to Ivanti CSA 5.0 for ongoing support.”

“CSA 5.0 is the only version with support and does not have this vulnerability. Customers already on Ivanti CSA 5.0 do not need to take any extra steps.”

Ivanti later updated its advisory to confirm that the vulnerability had been exploited in the wild against a limited number of customers.

No further details regarding the attacks or the groups leveraging the vulnerability were disclosed, but various other vulnerabilities in Ivanti products have been used by cyberespionage groups linked to China.

In response to this development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included the vulnerability in its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by October 4, 2024.

This news coincides with Horizon3.ai, a cybersecurity company, publishing a detailed analysis of a critical deserialization vulnerability (CVE-2024-29847, CVSS score: 10.0) affecting Endpoint Manager (EPM) that can lead to remote code execution.
