Unrestricted Access: Path Traversal Vulnerability in Ivanti CSA
CVE-2024-8963

9.1CRITICAL

Key Information:

Vendor
Ivanti
Status
Csa (cloud Services Appliance)
Vendor
CVE Published:
19 September 2024

Badges

๐Ÿ’ฐ Ransomware๐Ÿ‘พ Exploit Exists๐ŸŸฃ EPSS 96%๐Ÿฆ… CISA Reported๐Ÿ“ฐ News Worthy

Summary

CVE-2024-8963 is a critical path traversal vulnerability in Ivanti CSA that allows a remote unauthenticated attacker to access restricted functionality. This issue affects Ivanti CSA version 4.6 before Patch 519 and can be chained with a separate command injection flaw to execute commands with admin privileges. Ivanti has released a fix for this vulnerability and has issued an advisory urging customers to apply the patch as soon as possible. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerability (KEV) catalog, and they are instructing federal agencies to address it by October 10. There is an unspecified number of known exploits but no information on known exploitation by ransomware groups. This vulnerability is part of a larger trend of path traversal flaws affecting IT vendors and underscores the critical need for secure-by-design development practices in the software industry.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.

Affected Version(s)

CSA (Cloud Services Appliance) 4.6 Patch 519

CSA (Cloud Services Appliance) 4.6 Patch 519

CSA (Cloud Services Appliance) 5.0

News Articles

favicon image

3 More Ivanti Cloud Vulns Exploited in the Wild

The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor's Cloud Services Appliance (CSA).

3 months ago

favicon imageTechTarget

Ivanti zero-day vulnerabilities exploited in chained attack | TechT...

A limited number of Ivanti Cloud Service Application customers have been attacked in exploit chains containing zero-day vulnerabilities.

3 months ago

favicon imageInfosecurity Magazine

Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks

Ivantiโ€™s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs

3 months ago

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

EPSS Score

96% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ’ฐ

    Used in Ransomware

  • ๐Ÿ“ฐ

    First article discovered by SecurityWeek

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿฆ…

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseCISA Database7 News Article(s)
.