Unrestricted Access: Path Traversal Vulnerability in Ivanti CSA
CVE-2024-8963

9.1CRITICAL

Key Information:

Vendor
Ivanti
Status
Csa (cloud Services Appliance)
Vendor
CVE Published:
19 September 2024

Badges

💰 Ransomware👾 Exploit Exists🟣 EPSS 96%🦅 CISA Reported📰 News Worthy

Summary

CVE-2024-8963 is a critical path traversal vulnerability in Ivanti CSA that allows a remote unauthenticated attacker to access restricted functionality. This issue affects Ivanti CSA version 4.6 before Patch 519 and can be chained with a separate command injection flaw to execute commands with admin privileges. Ivanti has released a fix for this vulnerability and has issued an advisory urging customers to apply the patch as soon as possible. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerability (KEV) catalog, and they are instructing federal agencies to address it by October 10. There is an unspecified number of known exploits but no information on known exploitation by ransomware groups. This vulnerability is part of a larger trend of path traversal flaws affecting IT vendors and underscores the critical need for secure-by-design development practices in the software industry.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.

Affected Version(s)

CSA (Cloud Services Appliance) 4.6 Patch 519

CSA (Cloud Services Appliance) 4.6 Patch 519

CSA (Cloud Services Appliance) 5.0

News Articles

favicon imageBleepingComputer

CISA: Hackers still exploiting older Ivanti bugs to breach networks

CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks.

1 month ago

3 More Ivanti Cloud Vulns Exploited in the Wild

The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor's Cloud Services Appliance (CSA).

favicon imageTechTarget

Ivanti zero-day vulnerabilities exploited in chained attack | TechT...

A limited number of Ivanti Cloud Service Application customers have been attacked in exploit chains containing zero-day vulnerabilities.

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

EPSS Score

96% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 💰

    Used in Ransomware

  • 📰

    First article discovered by SecurityWeek

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.