
CISA Adds Ivanti Cloud Services Appliance Vulnerability to Known Exploited Vulnerabilities Catalog (CVE-2024-8190)

CISA has added CVE-2024-8190, an OS command injection flaw in Ivanti CSA 4.6, to its KEV catalog and requires immediate patching or upgrade to CSA 5.0.

September 16, 2024 · 2 min read

Overview 

The Cybersecurity and Infrastructure Security Agency (CISA) has recently included a security flaw in Ivanti Cloud Services Appliance (CSA) in its Known Exploited Vulnerabilities (KEV) catalog. This newly cataloged vulnerability, identified as CVE-2024-8190, involves an OS command injection that poses a serious risk to affected systems.  

The vulnerability in question affects the Ivanti Cloud Services Appliance (CSA) version 4.6, specifically in all versions before Patch 519. It allows remote authenticated attackers with administrative privileges to execute arbitrary commands. This OS command injection flaw poses a risk as it can potentially lead to full system compromise. 

The vulnerability was assigned a CVSS score of 7.2, indicating a high severity level. Users of Ivanti CSA 4.6 must be aware of this issue and take appropriate action to mitigate the risk. 

Moreover, Cyble’s investigation revealed over 1,200 Ivanti CSA instances exposed on the internet, with a large number located in the United States. Systems using dual-homed configurations, with ETH-0 designated as an internal network, are less vulnerable to exploitation. 

Ivanti’s Response and Fixes 

Ivanti has recently released a critical patch to address this vulnerability. CVE-2024-8190 affects the Ivanti Cloud Services Appliance (CSA) version 4.6, specifically in all versions before Patch 519, allowing remote authenticated attackers to execute arbitrary commands. To mitigate this risk, Ivanti strongly recommends upgrading to CSA version 5.0, which includes the latest security improvements and ongoing support. 

For users who still need to transition to CSA 5.0, upgrading to CSA 4.6 Patch 519 is advised as an interim measure. However, CSA 4.6 has reached its end-of-life and will not receive future updates, making the upgrade to CSA 5.0 essential for continued security and support. 
 


Conclusion 

The addition of CVE-2024-8190 to CISA’s KEV catalog highlights the urgent need for organizations using Ivanti Cloud Services Appliance to address this vulnerability. With a known history of targeted cyber attacks on Ivanti products, organizations must apply the necessary patches and strengthen their security measures to prevent potential exploitation.  

Recommendations and Mitigations 

  • Upgrade to CSA 5.0 for essential security updates and ongoing support. 
  • If an immediate upgrade to CSA 5.0 is not possible, update CSA 4.6 to Patch 519 as a temporary measure. 
  • Review and tighten administrative access controls to reduce the risk of exploitation. 
  • Increase surveillance for unusual or unauthorized activities and potential exploitation attempts. 
  • Develop a comprehensive patch management strategy, including regular updates and verification processes. 
  • Ensure critical systems are properly segmented and not directly exposed to the internet. 
