Ivanti Points Crucial Safety Updates for CSA and Join Safe Vulnerabilities

Dec 11, 2024Ravie LakshmananVulnerability / Community Safety

Ivanti has launched safety updates to handle a number of crucial flaws in its Cloud Providers Utility (CSA) and Join Safe merchandise that would result in privilege escalation and code execution.

The listing of vulnerabilities is as follows –

CVE-2024-11639 (CVSS rating: 10.0) – An authentication bypass vulnerability within the admin net console of Ivanti CSA earlier than 5.0.3 that permits a distant unauthenticated attacker to realize administrative entry

CVE-2024-11772 (CVSS rating: 9.1) – A command injection vulnerability within the admin net console of Ivanti CSA earlier than model 5.0.3 that permits a distant authenticated attacker with admin privileges to realize distant code execution

CVE-2024-11773 (CVSS rating: 9.1) – An SQL injection vulnerability within the admin net console of Ivanti CSA earlier than model 5.0.3 that permits a distant authenticated attacker with admin privileges to run arbitrary SQL statements

CVE-2024-11633 (CVSS rating: 9.1) – An argument injection vulnerability in Ivanti Join Safe earlier than model 22.7R2.4 that permits a distant authenticated attacker with admin privileges to realize distant code execution

CVE-2024-11634 (CVSS rating: 9.1) – A command injection vulnerability in Ivanti Join Safe earlier than model 22.7R2.3 and Ivanti Coverage Safe earlier than model 22.7R1.2 that permits a distant authenticated attacker with admin privileges to realize distant code execution

CVE-2024-8540 (CVSS rating: 8.8) – An insecure permissions vulnerability in Ivanti Sentry earlier than variations 9.20.2 and 10.0.2 or 10.1.0 that permits an area authenticated attacker to switch delicate software elements

The shortcomings have been addressed within the under variations –

Ivanti Cloud Providers Utility 5.0.3
Ivanti Join Safe 22.7R2.4
Ivanti Coverage Safe 22.7R1.2
Ivanti Sentry 9.20.2, 10.0.2, and 10.1.0

Whereas Ivanti has emphasised that it is not conscious of energetic exploitation of any of the aforementioned flaws, it is crucial that customers take fast motion on condition that a number of flaws in its merchandise have been abused by state-sponsored attackers for malicious actions.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we publish.

Ivanti Points Crucial Safety Updates for CSA and Join Safe Vulnerabilities

Recent articles

Would possibly want a mass password reset someday? Learn this primary.

Over 25,000 SonicWall VPN Firewalls uncovered to essential flaws

Meta Fined €251 Million for 2018 Knowledge Breach Impacting 29 Million Accounts

Eire fines Meta $264 million over 2018 Fb knowledge breach

New crucial Apache Struts flaw exploited to search out susceptible servers

About us

Company

Must Read

Beware: Pretend Browser Updates Ship BitRAT and Lumma Stealer Malware

What’s Google Glass? | Definition from TechTarget

ClickFix Assault: Faux Google Meet Alerts Set up Malware on Home windows, macOS

Subscribe