Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution.
The security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike’s Advanced Research Team) allows remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier, without requiring authentication or user interaction, by circumventing authentication using an alternate path or channel.
Ivanti advises admins to upgrade vulnerable appliances to CSA 5.0.3 using detailed information available in this support document.
“We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program,” the company said on Tuesday. “Currently, there is no known public exploitation of these vulnerabilities that could be used to provide a list of indicators of compromise.”
Today, Ivanti patched other medium, high, and critical vulnerabilities in Desktop and Server Management (DSM), Connect Secure and Policy Secure, Sentry, and Patch SDK products. However, as noted in a security advisory published on Tuesday, there is no evidence that these vulnerabilities have been exploited in the wild.
CVE-2024-11639 is the sixth CSA security vulnerability patched in recent months, with the five previous ones being patched in:
In September, the company also warned customers that the CVE-2024-8190 and CVE-2024-8963 flaws were already being targeted in attacks.
Additionally, it alerted admins that the three security flaws fixed in October were being chained with the CVE-2024-8963 CSA admin bypass to run SQL statements via SQL injection, bypass security restrictions, and execute arbitrary code via command injection.
This stream of actively exploited vulnerabilities comes as Ivanti says it escalated testing and internal scanning capabilities and is improving its responsible disclosure process to patch security bugs faster.
Several other vulnerabilities were exploited as zero-days in widespread attacks earlier this year in campaigns targeting Ivanti VPN appliances and ICS, IPS, and ZTA gateways.
Ivanti provides services to over 40,000 companies that use its products to manage their systems and IT assets.