CISA Issues Urgent Advisory on Critical Vulnerabilities in Ivanti Products

CISA has issued a critical advisory on vulnerabilities in multiple Ivanti products, including EPMM, CSA, and more, highlighting urgent security concerns.

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory on vulnerabilities disclosed in multiple Ivanti products. These products include Ivanti Endpoint Manager Mobile (EPMM), Ivanti Cloud Services Appliance (CSA), Ivanti Velocity License Server, Ivanti Connect Secure, Policy Secure, and Ivanti Avalanche.

Ivanti's official advisory specifically addresses vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). It states that a limited number of customers running CSA 4.6 patch 518 and earlier have been exploited when CVE-2024-9379, CVE-2024-9380, or CVE-2024-9381 is chained with CVE-2024-8963.

The recent advisory from Ivanti describes a range of vulnerabilities across its product lines, all requiring urgent attention.

Details of Ivanti Vulnerabilities

CVE-2024-7612, classified as high severity with a score of 8.8, affects Ivanti EPMM (Core) versions 12.1.0.3 and earlier. This vulnerability involves incorrect permission assignment, allowing local authenticated attackers to access or modify sensitive configuration files without proper authorization. If exploited, this could lead to severe security breaches.

Another vulnerability, CVE-2024-9379, has been categorized as medium severity with a CVSS score of 6.5. This SQL injection vulnerability affects Ivanti CSA (Cloud Services Appliance) versions 5.0.1 and earlier, allowing remote authenticated attackers with admin privileges to execute arbitrary SQL statements through the admin web console.

Furthermore, CVE-2024-9380, an OS command injection vulnerability also affecting Ivanti CSA, is rated high with a score of 7.2. This flaw enables remote authenticated attackers to gain unauthorized access and execute commands on the operating system via the admin web console.

Additionally, CVE-2024-37404 is a critical vulnerability with a CVSS score of 9.1, impacting both Ivanti Connect Secure and Policy Secure. This flaw allows a remote authenticated attacker to achieve remote code execution due to improper input validation in the admin portal of vulnerable versions.

The vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog signify the need for immediate action. When vulnerabilities appear on this list, it indicates that threat actors could exploit them to target unsuspecting victims. Attackers can utilize these vulnerabilities for data breaches, ransomware attacks, and privilege escalation, posing risks to organizations.

Recommendations and Mitigations

To mitigate these risks effectively, organizations must take proactive measures. Some of the mitigation strategies include: 

  • Regularly update all software and hardware systems with the latest patches released by the vendor to significantly reduce the risk of exploitation.
  • Create a routine schedule for patch applications, ensuring that critical patches are prioritized to maintain system security.
  • Include inventory management, patch assessment, testing, deployment, and verification in the patch management process.
  • Automate the process wherever possible to enhance efficiency and consistency.
  • Divide networks into distinct segments to isolate critical assets from less secure areas.
  • Reduce the attack surface by minimizing potential vulnerabilities. 
  • Outline procedures for detecting, responding to, and recovering from security incidents in an incident response plan.
  • Regularly test and update the plan to ensure its effectiveness and alignment with current threats. 
  • Implement comprehensive monitoring to detect and analyze suspicious activities.
  • Use Security Information and Event Management (SIEM) systems for aggregating and correlating logs for real-time threat detection and response.
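
One way to automate the patch assessment step against the affected versions listed in this post, shown as an added example (not code from Cyble, Ivanti, or CISA). It covers only the CVEs for which the post states a version ceiling, and it flags CSA 4.6 patch 518 and earlier first because the post reports exploitation there. The inventory tuples, hostnames, version string formats, and function names are assumptions made for the example.

```python
import re

# Version ceilings exactly as stated in this post: (product, highest affected, CVE, CVSS).
AFFECTED = [
    ("epmm", "12.1.0.3", "CVE-2024-7612", 8.8),
    ("csa", "5.0.1", "CVE-2024-9379", 6.5),
]
# The post reports exploitation of CSA 4.6 patch 518 and earlier via CVE-2024-8963 chains.
CSA_EXPLOITED_CEILING = "4.6 patch 518"

def parse_version(text):
    """Turn '12.1.0.3' or '4.6 patch 518' into a comparable tuple of ints."""
    nums = tuple(int(n) for n in re.findall(r"\d+", text))
    if not nums:
        raise ValueError(f"no version digits in {text!r}")
    return nums

def at_or_below(installed, ceiling):
    """True if installed <= ceiling, padding with zeros so 5.0.1.0 equals 5.0.1."""
    a, b = parse_version(installed), parse_version(ceiling)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b

def assess(inventory):
    """Return findings: reported-exploited ranges first, then by descending CVSS."""
    findings = []
    for host, product, version in inventory:
        product = product.lower()
        for prod, ceiling, cve, score in AFFECTED:
            if product == prod and at_or_below(version, ceiling):
                findings.append({"host": host, "cve": cve, "cvss": score, "exploited": False})
        if product == "csa" and at_or_below(version, CSA_EXPLOITED_CEILING):
            findings.append({"host": host, "cve": "CVE-2024-8963 chain", "cvss": None, "exploited": True})
    findings.sort(key=lambda f: (not f["exploited"], -(f["cvss"] or 0), f["host"]))
    return findings

# Constructed inventory: hostnames and installed versions are made up for the example.
INVENTORY = [
    ("mdm-01", "EPMM", "12.1.0.3"),
    ("mdm-02", "EPMM", "12.2.0.0"),
    ("gw-01", "CSA", "4.6 patch 517"),
    ("gw-02", "CSA", "5.0.2"),
    ("gw-03", "CSA", "5.0.1"),
]

if __name__ == "__main__":
    for finding in assess(INVENTORY):
        print(finding)
```

Products for which the post gives no version ceiling (for example Connect Secure and Policy Secure under CVE-2024-37404) are not evaluated here and need the vendor advisory's version list.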

Conclusion

By adopting these strategies, organizations can reduce their vulnerability to exploitation and enhance their overall security posture. The proactive measures highlighted in this advisory are essential for protecting sensitive information and maintaining system integrity in an increasingly hostile internet. Immediate action is required to mitigate the risks posed by these vulnerabilities and ensure that organizational assets are safeguarded against potential threats.

