Ivanti Releases Security Updates for Multiple Products
Updates address exploited vulnerabilities in Cloud Services Application and one critical vulnerability in Connect Secure and Policy Secure
Summary
Updates address exploited vulnerabilities in Cloud Services Application and one critical vulnerability in Connect Secure and Policy Secure
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation chain of CVE-2024-8963 with CVE-2024-9379, CVE-2024-9380, or CVE-2024-9381
Ivanti has stated a limited number of customers running CSA 4.6 patch 518 and prior have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 is chained with CVE-2024-8963.
CVE-2024-8963 is a critical vulnerability with a CVSSv3 score of 9.4 that could allow a remote unauthenticated attacker to access restricted functionality. This vulnerability was previously discussed in Cyber Alert CC-4552 and noted as exploited.
Introduction
Ivanti has released security advisories addressing vulnerabilities in multiple products.
Three vulnerabilities affecting Cloud Services Appliance (CSA) have been exploited by being chained together with previously patched vulnerability CVE-2024-8963.
- CVE-2024-9381 has a CVSSv3 score of 7.2 and is a path traversal vulnerability in Ivanti CSA. If exploited, a remote authenticated attacker with admin privileges could bypass restrictions.
- CVE-2024-9380 has a CVSSv3 score of 7.2 and is an OS command injection vulnerability in the admin web console of Ivanti CSA. If exploited, a remote authenticated attacker with admin privileges could achieve remote code execution (RCE).
- CVE-2024-9379 has a CVSSv3 score of 6.5 and is an SQL injection vulnerability in the admin web console of Ivanti CSA. If exploited, a remote authenticated attacker with admin privileges could run arbitrary SQL statements.
Additionally, CVE-2024-37404 has a CVSSv3 score of 9.1 and is an improper input validation vulnerability in the admin portal of Ivanti Connect Secure or Ivanti Policy Secure. If exploited, a remote authenticated attacker could achieve remote code execution.
Remediation advice
Affected organisations are strongly encouraged to review the following security advisories and apply any relevant updates.
Definitive source of threat updates
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-and-Policy-Secure-CVE-2024-37404
- https://www.ivanti.com/blog/october-2024-security-update
- https://digital.nhs.uk/cyber-alerts/2024/cc-4552
CVE Vulnerabilities
Last edited: 9 October 2024 3:59 pm