Summary: Cyberattackers are exploiting multiple Ivanti vulnerabilities to compromise the company’s Cloud Service Appliance (CSA). CISA and the FBI have identified several critical vulnerabilities that allow attackers to gain initial access and execute remote code on victim networks. Organizations are urged to upgrade their systems and implement detection methods to mitigate these threats.
Threat Actor: Unknown
Victim: Ivanti CSA Users
Key points:
- Threat actors are exploiting CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 in Ivanti CSA.
- These vulnerabilities allow for admin bypass, SQL injection, and remote code execution, affecting versions 4.6x and below of Ivanti CSA.
- CISA recommends upgrading to the latest version and using provided IoCs to detect malicious activity.
Source: https://www.darkreading.com/vulnerabilities-threats/cisa-ivanti-vulns-chained-attacks