Ivanti’s Cloud Services Appliance faces critical vulnerabilities, including the authentication bypass flaw CVE-2024-11639 and risks involving command injection, which endanger thousands of organisations worldwide.
Ivanti, a global leader in IT asset management, recently issued an urgent security patch for multiple critical vulnerabilities in its Cloud Services Appliance, or CSA. The security issues exposed thousands of organizations worldwide to potential cyber attacks: an authentication bypass flaw, CVE-2024-11639, and an OS command injection flaw, CVE-2024-8190.
The authentication bypass vulnerability, reported by the cybersecurity firm CrowdStrike, allows a remote attacker to gain administrative privileges on an Ivanti CSA appliance running any version lower than 5.0.2. This bug, which carries the maximum CVSS severity rating of 10, would allow the attacker to bypass authentication without any interaction with the victim.
In addition, the OS command injection flaw (CVE-2024-8190) was already used in attacks in the wild, giving an authenticated attacker the capability to inject arbitrary commands into the CSA system. This could result in remote code execution, handing attackers full control of vulnerable systems. Ivanti claims that it has responsibly disclosed the vulnerabilities, and no confirmed instances were reported before the public announcement. Nevertheless, the criticality of the flaws requires administrators to patch immediately.
Such flaws are not isolated incidents. Recently, Ivanti has dealt with a number of similar security bugs in its CSA platform, such as path traversal and SQL injection. As part of its efforts to enhance security, Ivanti has promised to accelerate patching and improve internal testing to avoid future risks.
As Ivanti continues to update its security infrastructure, organizations that use CSA are encouraged to upgrade to the latest version of the appliance. The company has also advised customers to monitor their systems for any unusual activity that might indicate exploitation attempts.
This illustrates the threat to IT infrastructure, where flaws in cloud-based solutions have been shown to open the way to possible severe security breaches. Organizations must remain alert and prioritize timely patching to secure their assets against evolving cyber threats.