Security

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

I show You how To Make Huge Profits In A Short Time With Cryptos!

Dec 11, 2024Ravie LakshmananVulnerability / Network Security

CSA and Connect Secure Vulnerabilities

Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution.

The list of vulnerabilities is as follows –

  • CVE-2024-11639 (CVSS score: 10.0) – An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker to gain administrative access
  • CVE-2024-11772 (CVSS score: 9.1) – A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to achieve remote code execution
  • CVE-2024-11773 (CVSS score: 9.1) – An SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements
  • CVE-2024-11633 (CVSS score: 9.1) – An argument injection vulnerability in Ivanti Connect Secure before version 22.7R2.4 that allows a remote authenticated attacker with admin privileges to achieve remote code execution
  • CVE-2024-11634 (CVSS score: 9.1) – A command injection vulnerability in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 that allows a remote authenticated attacker with admin privileges to achieve remote code execution
  • CVE-2024-8540 (CVSS score: 8.8) – An insecure permissions vulnerability in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 that allows a local authenticated attacker to modify sensitive application components
Cybersecurity

The shortcomings have been addressed in the below versions –

  • Ivanti Cloud Services Application 5.0.3
  • Ivanti Connect Secure 22.7R2.4
  • Ivanti Policy Secure 22.7R1.2
  • Ivanti Sentry 9.20.2, 10.0.2, and 10.1.0

While Ivanti has emphasized that it’s not aware of active exploitation of any of the aforementioned flaws, it’s imperative that users take quick action given that several flaws in its products have been abused by state-sponsored attackers for malicious activities.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

سكس محارم حقيقي awktec.com xnxxقطر sleeping mom hentai hentaipics.org dog days anime hentai small cock sfico.info thaman sex x videos movies penyporn.mobi village girls xnxx kerelasex xxx-tube-list.info hd naked sex video
ローカルテレビ局統括プロデューサー g爆乳淫獣妻 設楽アリサ 42歳 avデビュー 細身に似つかわしくないgカップ人妻と眼鏡が曇るほど熱く激しい超濃密セックス sakurajav.mobi 音あずさ 無修正 selfie porn bdsmporntrends.com sholay hindi movie full hd sexy beerus mirhentai.com gragas hentai يلا اباحيه farmsextube.net سكس في الغردقه punjabi sexy movie hd hqtube.mobi rape scandal mms
karasuma pink xhentaisex.com aisai nettori puja sex story pornorolik.org www worldsex.com quantico sex pornstarslist.info peporonity red tube.com indian bravosex.mobi nepali pussy indian fsiblog com gotubexxx.com chaturbate indian