Ivanti Issues Warning on Active Exploitation of Recently Patched Cloud Appliance Vulnerability



Ivanti recently disclosed that a newly patched security flaw in its Cloud Service Appliance (CSA) is being actively exploited. The vulnerability, tracked as CVE-2024-8190 with a CVSS score of 7.2, allows remote code execution, but only when an attacker has admin-level privileges.

This flaw affects CSA version 4.6, which has reached end-of-life status. Ivanti has urged customers to upgrade to CSA version 5.0 for continued support, as this is the only version that remains unaffected by the vulnerability. The issue has been fixed in CSA 4.6 Patch 519, which will be the last backported update for the older version.

Ivanti confirmed that a limited number of customers have already been targeted by active exploitation of this vulnerability, although details about the attackers or their methods have not been revealed. The flaw has also been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalog, with federal agencies required to patch the issue by October 4, 2024.

Additionally, Horizon3.ai published a technical analysis of another severe vulnerability in Ivanti’s Endpoint Manager (EPM), CVE-2024-29847, which has a maximum CVSS score of 10.0 and also allows remote code execution.

Share this post :