Security

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

I show You how To Make Huge Profits In A Short Time With Cryptos!

Sep 14, 2024Ravie LakshmananEnterprise Security / Threat Intelligence

Cloud Appliance Vulnerability

Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild.

The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances.

“An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution,” Ivanti noted in an advisory released earlier this week. “The attacker must have admin level privileges to exploit this vulnerability.”

Cybersecurity

The flaw impacts Ivanti CSA 4.6, which has currently reached end-of-life status, requiring that customers upgrade to a supported version going forward. That said, it has been addressed in CSA 4.6 Patch 519.

“With the end-of-life status this is the last fix that Ivanti will backport for this version,” the Utah-based IT software company added. “Customers must upgrade to Ivanti CSA 5.0 for continued support.”

“CSA 5.0 is the only supported version and does not contain this vulnerability. Customers already running Ivanti CSA 5.0 do not need to take any additional action.”

On Friday, Ivanti updated its advisory to note that it observed confirmed exploitation of the flaw in the wild targeting a “limited number of customers.”

It did not reveal additional specifics related to the attacks or the identity of the threat actors weaponizing it, however, a number of other vulnerabilities in Ivanti products have been exploited as a zero-day by China-nexus cyberespionage groups.

Cybersecurity

The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the shortcoming to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by October 4, 2024.

The disclosure also comes as cybersecurity company Horizon3.ai posted a detailed technical analysis of a critical deserialization vulnerability (CVE-2024-29847, CVSS score: 10.0) impacting Endpoint Manager (EPM) that results in remote code execution.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

سكس محارم حقيقي awktec.com xnxxقطر sleeping mom hentai hentaipics.org dog days anime hentai small cock sfico.info thaman sex x videos movies penyporn.mobi village girls xnxx kerelasex xxx-tube-list.info hd naked sex video
ローカルテレビ局統括プロデューサー g爆乳淫獣妻 設楽アリサ 42歳 avデビュー 細身に似つかわしくないgカップ人妻と眼鏡が曇るほど熱く激しい超濃密セックス sakurajav.mobi 音あずさ 無修正 selfie porn bdsmporntrends.com sholay hindi movie full hd sexy beerus mirhentai.com gragas hentai يلا اباحيه farmsextube.net سكس في الغردقه punjabi sexy movie hd hqtube.mobi rape scandal mms
karasuma pink xhentaisex.com aisai nettori puja sex story pornorolik.org www worldsex.com quantico sex pornstarslist.info peporonity red tube.com indian bravosex.mobi nepali pussy indian fsiblog com gotubexxx.com chaturbate indian