Four Critical Ivanti CSA Vulnerabilities Exploited, CISA and FBI Urge Mitigation
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory regarding the active exploitation of four critical vulnerabilities in Ivanti Cloud Service Appliances. These include CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380, which can lead to unauthorized access, remote code execution, and credential theft. Organizations are urged to upgrade their systems and implement recommended security measures to mitigate these risks.

Affected: Ivanti Cloud Service Appliances, victim organizations

Key points:

  • CISA and FBI issued a Cybersecurity Advisory for vulnerabilities in Ivanti CSA.
  • Four critical vulnerabilities were identified: CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380.
  • Exploits were used in September 2024 by threat actors to compromise networks.
  • Vulnerability CVE-2024-8963 allows unauthorized access to restricted appliance features.
  • CVE-2024-8190 enables remote authentication and command execution by threat actors.
  • CVE-2024-9379 allows execution of malicious SQL statements by attackers with administrative privileges.
  • Combining vulnerabilities led to credential theft, webshell implantation, and lateral movement within networks.
  • Organizations are advised to upgrade from EOL version 4.6 of Ivanti CSA to mitigate risks.
  • Incident response measures included detecting anomalous activity and using endpoint protection platforms.
  • CISA and FBI recommended implementing Endpoint Detection and Response (EDR) solutions and maintaining detailed logs.

MITRE Techniques:

  • TA0001: Initial Access – Exploitation of vulnerabilities to gain unauthorized access to networks.
  • TA0002: Execution – Use of shell commands through CVE-2024-8190 and remote code execution via CVE-2024-9380.
  • TA0003: Persistence – Implementation of webshells for ongoing access and command execution.
  • TA0006: Credential Dumping – Exfiltration of credentials using various vulnerabilities.

CVE:

  • CVE-2024-8963
  • CVE-2024-9379
  • CVE-2024-8190
  • CVE-2024-9380

Full Story: https://thecyberexpress.com/rcritical-ivanti-csa-vulnerabilities-exploited/