Trending
ee-track">
Link copied!

CISA Issues Urgent Advisory on Critical Vulnerabilities in Ivanti Products

CISA has issued a critical advisory on vulnerabilities in multiple Ivanti products, including EPMM, CSA, and more, highlighting urgent security concerns.

October 10, 2024 · 3 min read
CISA Issues Urgent Advisory on Critical Vulnerabilities in Ivanti Products

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory report on vulnerabilities disclosed in multiple Ivanti products. These products include Ivanti Endpoint Manager Mobile (EPMM), Ivanti Cloud Service Application (CSA), Ivanti Velocity License Server, Ivanti Connect Secure, Policy Secure, and Ivanti Avalanche.

The official advisory from Ivanti specifically addresses various vulnerabilities affecting the Ivanti Cloud Service Application (CSA). It highlights that a limited number of customers using CSA versions 4.6 patches 518 and earlier have been exploited when certain vulnerabilities—CVE-2024-9379, CVE-2024-9380, or CVE-2024-9381—are chained with CVE-2024-8963.

The recent advisory from Ivanti has indicated a range of vulnerabilities across their product lines, all requiring urgent attention.

Details of Ivanti Vulnerabilities

CVE-2024-7612, classified as high severity with a score of 8.8, affects Ivanti EPMM (Core) versions 12.1.0.3 and earlier. This vulnerability involves incorrect permission assignment, allowing local authenticated attackers to access or modify sensitive configuration files without proper authorization. If exploited, this could lead to severe security breaches.

Another vulnerability, CVE-2024-9379, has been categorized as medium severity with a CVSS score of 6.5. This SQL injection vulnerability affects Ivanti CSA (Cloud Services Appliance) versions 5.0.1 and earlier, allowing remote authenticated attackers with admin privileges to execute arbitrary SQL statements through the admin web console.

Furthermore, CVE-2024-9380, an OS command injection vulnerability also affecting Ivanti CSA, is rated high with a score of 7.2. This flaw enables remote authenticated attackers to gain unauthorized access and execute commands on the operating system via the admin web console.

Additionally, CVE-2024-37404 is a critical vulnerability with a CVSS score of 9.1, impacting both Ivanti Connect Secure and Policy Secure. This flaw allows a remote authenticated attacker to achieve remote code execution due to improper input validation in the admin portal of vulnerable versions.

The vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog signify the need for immediate action. When vulnerabilities appear on this list, it indicates that threat actors could exploit them to target unsuspecting victims. Attackers can utilize these vulnerabilities for data breaches, ransomware attacks, and privilege escalation, posing risks to organizations.

Recommendations and Mitigations

To mitigate these risks effectively, organizations must take proactive measures. Some of the mitigation strategies include: 

  • Regularly update all software and hardware systems with the latest patches released by the vendor to significantly reduce the risk of exploitation.
  • Create a routine schedule for patch applications, ensuring that critical patches are prioritized to maintain system security.
  • Include inventory management, patch assessment, testing, deployment, and verification.
  • Automate the process wherever possible to enhance efficiency and consistency.
  • Divide networks into distinct segments to isolate critical assets from less secure areas.
  • Reduce the attack surface by minimizing potential vulnerabilities. 
  • Outline procedures for detecting, responding to, and recovering from security incidents.
  • Regularly test and update the plan to ensure its effectiveness and alignment with current threats. 
  • Implement comprehensive monitoring to detect and analyze suspicious activities.
  • Use Security Information and Event Management (SIEM) systems for aggregating and correlating logs for real-time threat detection and response.

Conclusion

By adopting these strategies, organizations can reduce their vulnerability to exploitation and enhance their overall security posture. The proactive measures highlighted in this advisory are essential for protecting sensitive information and maintaining system integrity in an increasingly hostile internet. Immediate action is required to mitigate the risks posed by these vulnerabilities and ensure that organizational assets are safeguarded against potential threats.

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams