The Cybersecurity and Infrastructure Security Agency (CISA) has recently included a security flaw in Ivanti Cloud Services Appliance (CSA) in its Known Exploited Vulnerabilities (KEV) catalog. This newly cataloged vulnerability, identified as CVE-2024-8190, involves an OS command injection that poses a serious risk to affected systems.
The vulnerability in question affects the Ivanti Cloud Services Appliance (CSA) version 4.6, specifically in all versions before Patch 519. It allows remote authenticated attackers with administrative privileges to execute arbitrary commands. This OS command injection flaw poses a risk as it can potentially lead to full system compromise.
The vulnerability was assigned a CVSS score of 7.2, indicating a high severity level. Users of Ivanti CSA 4.6 must be aware of this issue and take appropriate action to mitigate the risk.
Moreover, Cyble’s investigation revealed over 1,200 Ivanti CSA instances exposed on the internet, with a large number located in the United States. Systems using dual-homed configurations, with ETH-0 designated as an internal network, are less vulnerable to exploitation.
Ivanti has recently released a critical patch to address this vulnerability. CVE-2024-8190 affects the Ivanti Cloud Services Appliance (CSA) version 4.6, specifically in all versions before Patch 519, allowing remote authenticated attackers to execute arbitrary commands. To mitigate this risk, Ivanti strongly recommends upgrading to CSA version 5.0, which includes the latest security improvements and ongoing support.
For users who still need to transition to CSA 5.0, upgrading to CSA 4.6 Patch 519 is advised as an interim measure. However, CSA 4.6 has reached its end-of-life and will not receive future updates, making the upgrade to CSA 5.0 essential for continued security and support.
The addition of CVE-2024-8190 to CISA’s KEV catalog highlights the urgent need for organizations using Ivanti Cloud Services Appliance to address this vulnerability. With a known history of targeted cyber attacks on Ivanti products, organizations must apply the necessary patches and strengthen their security measures to prevent potential exploitation.