Ivanti Releases Patches for Three New CSA Security Flaws
- Software company Ivanti has released fixes for three security flaws: CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381. These were being actively exploited.
- The flaws affect CSA versions older than 5.0.2, so the company has recommended that users upgrade their systems.
- The company has also increased testing and internal scanning to reduce instances of such security issues.
Ivanti has finally released security patches for three new Cloud Services Appliance (CSA) flaws that were being actively exploited. It's worth noting that the Ivanti CSA is an Internet appliance that provides secure communication and functionality over the Internet.
The three flaws are:
- CVE-2024-9379: With a CVSS score of 6.5, this is an SQL injection flaw in the admin web console of Ivanti CSA. An attacker with remote access can gain admin privileges and run arbitrary SQL statements.
- CVE-2024-9381: With a CVSS score of 7.2, this is an OS command injection vulnerability, also in the admin web console of Ivanti CSA. An attacker with remote access and admin privileges can achieve remote code execution.
- CVE-2024-9380: With a CVSS score of 7.2, this is a path traversal issue. A threat actor with remote access and admin privileges can exploit it to bypass certain restrictions.
All three flaws are zero-day and affect versions older than 5.0.2. It's also worth noting that in some cases, the threat actors are using these flaws in combination with another zero-day flaw tracked as CVE-2024-8963 (CVSS score of 9.4) that was already addressed by the company in September.
What Should the Customers Do Now?
In an advisory, Ivanti said, "We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963."
Since CSA 4.6 is an end-of-life product, it will not get any more security updates from the company. Hence, customers are recommended to upgrade to the latest version.
As mentioned before, these flaws are present in versions older than 5.0.2. However, the company did not notice any active attacks on CSA 5.0. Even so, everyone is advised to upgrade to 5.0.2 to protect themselves.
If you want to check whether your system has been compromised, there are a few ways to do it. For starters, the admin can look for security alerts from endpoint detection and response (EDR) and other security tools. If someone is trying to break into your system, your security tool is likely to notice that.
Also, take a look at your CSA to ensure no new admin users have been added without your knowledge. In some cases, the broker logs of your system may also show signs of unauthorized access attempts.
The broader industry trend of increasing breaches of business cloud systems is deeply worrying. For instance, cloud breaches currently make up 45% of all data breaches, and around 44% of all businesses have already experienced some form of impact.
Two More Security Flaws Detected Last Month: What Is Ivanti Doing?
Ivanti announced two more security flaws last month: CVE-2024-8963 (an admin bypass flaw) and CVE-2024-8190 (a command injection flaw).
CISA added both flaws to its Known Exploited Vulnerabilities catalog, ordering federal agencies to secure their systems by October 10.
In response to the increasing number of vulnerabilities, Ivanti has increased testing and internal scanning and is working on its disclosure process so that it can fix security issues faster. The company has also been making substantial investments in Secure by Design, and in May, it signed the CISA Secure by Design pledge.
The post Ivanti Releases Patches for Three New CSA Security Flaws appeared first on The Tech Report.