WARNING: ACTIVELY EXPLOITED VULNERABILITIES FOUND IN IVANTI CLOUD SERVICES APPLIANCE, PATCH IMMEDIATELY!
CVE-2024-8190: CVSS 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Sources
Risks
An OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution.
The attacker must have admin level privileges to exploit this vulnerability. This vulnerability has been listed in the Known Exploited Vulnerabilities of CISA. It has a high impact in all vectrices of the CIA triad.
Description
Successful exploitation could lead to unauthorized access to the device running the CSA. Dual-homed CSA configurations with ETH-0 as an internal network, as recommended by Ivanti, are at a significantly reduced risk of exploitation.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
For CSA 4.6, please update to this patch 519: https://forums.ivanti.com/s/article/CSA-4-6-Patch-519
Upgrade to CSA 5.0: https://forums.ivanti.com/s/article/CSA-5-0-Download
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
CISA - https://www.cisa.gov/known-exploited-vulnerabilities-catalog