Dive Brief:
Ivanti said Friday in an updated advisory that malicious actors exploited a high-severity vulnerability in version 4.6 and earlier of its Ivanti Cloud Services Appliance (CSA), affecting a limited number of customers, just days after the company issued security updates.
The operating system command injection vulnerability, listed as CVE-2024-8190, could allow an authenticated attacker to gain remote code execution. The vulnerability has a CVSS score of 7.2, and the advisory notes that an attacker would need administrator-level privileges to exploit it.
The company warned that Ivanti CSA 4.6 has reached the end of its life and is no longer receiving patches. Ivanti urged customers to upgrade to version 5.0 in order to continue receiving support. Those already running version 5.0 do not need to take any additional action.
Dive Insight:
An Ivanti spokesperson confirmed via email Friday that the company is working with a limited number of customers affected by the vulnerability. The company did not provide details about the specific attacks.
The Cybersecurity and Infrastructure Security Agency has added the vulnerability to its known exploited vulnerabilities catalog, requiring federal civilian executive branch agencies to address the vulnerability by October 4.
The Cybersecurity and Infrastructure Security Agency was itself targeted earlier this year by hackers exploiting critical vulnerabilities in Ivanti Connect Secure. Ivanti announced in April a comprehensive effort to reform its internal security practices.
The company said users can check for potential breaches by reviewing Ivanti CSA for newly added or modified administrative users. Some breach attempts may show up in broker logs, which are available locally on the system. Users can also review and respond to endpoint detection alerts.
More threat groups are targeting legacy vulnerabilities in out-of-date applications as some customers run outdated software in old equipment and forget to apply security upgrades.