Four Critical Ivanti CSA Vulnerabilities Exploited, CISA and FBI Urge Mitigation

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory regarding the active exploitation of four critical vulnerabilities in Ivanti Cloud Service Appliances (CSA). These include CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380, which can lead to unauthorized access, remote code execution, and credential theft. Organizations are urged to upgrade their systems and implement the recommended security measures to mitigate these risks.

Affected: Ivanti Cloud Service Appliances, victim organizations

Key points:

  • CISA and FBI issued a Cybersecurity Advisory for vulnerabilities in Ivanti CSA.
  • Four critical vulnerabilities were identified: CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380.
  • Exploits were used in September 2024 by threat actors to compromise networks.
  • Vulnerability CVE-2024-8963 allows unauthorized access to restricted appliance features.
  • CVE-2024-8190 enables remote authentication and command execution by threat actors.
  • CVE-2024-9379 allows execution of malicious SQL statements by attackers with administrative privileges.
  • Combining vulnerabilities led to credential theft, webshell implantation, and lateral movement within networks.
  • Organizations are advised to upgrade from EOL version 4.6 of Ivanti CSA to mitigate risks.
  • Incident response measures included detecting anomalous activity and using endpoint protection platforms.
  • CISA and FBI recommended implementing Endpoint Detection and Response (EDR) solutions and maintaining detailed logs.

MITRE Techniques:

  • TA0001: Initial Access – Exploitation of vulnerabilities to gain unauthorized access to networks.
  • TA0002: Execution – Use of shell commands through CVE-2024-8190 and remote code execution via CVE-2024-9380.
  • TA0003: Persistence – Implementation of webshells for ongoing access and command execution.
  • TA0006: Credential Dumping – Exfiltration of credentials using various vulnerabilities.

CVE:

  • CVE-2024-8963
  • CVE-2024-9379
  • CVE-2024-8190
  • CVE-2024-9380

Full Story: https://thecyberexpress.com/rcritical-ivanti-csa-vulnerabilities-exploited/