Alerts: CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

Source URL: https://www.cisa.gov/news-events/alerts/2025/01/22/cisa-and-fbi-release-advisory-how-threat-actors-chained-vulnerabilities-ivanti-cloud-service
Source: Alerts

Feedly Summary: CISA, in partnership with the Federal Bureau of Investigation (FBI), released "Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications." This advisory was crafted in response to active exploitation of vulnerabilities—CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a SQL injection vulnerability; and CVE-2024-8190 and CVE-2024-9380, remote code execution vulnerabilities—in Ivanti Cloud Service Appliances (CSA) in September 2024.
CISA, drawing on trusted third-party incident response data, found that threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant webshells on victim networks.
CISA and FBI strongly encourage network administrators and defenders to upgrade to the latest supported version of Ivanti CSA and to hunt for malicious activity on their networks using the detection methods and indicators of compromise (IOCs) provided in the advisory. All members of the cybersecurity community are also encouraged to visit CISA’s Known Exploited Vulnerabilities Catalog to help better manage vulnerabilities and keep pace with threat activity. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.

Summary: The advisory from CISA and the FBI identifies exploited vulnerabilities in Ivanti Cloud Service Applications and highlights the importance of updating systems and monitoring for malicious activities. This is particularly relevant for professionals in cloud computing and cybersecurity, emphasizing proactive measures against emerging threats.

Detailed Description: The advisory released by CISA (Cybersecurity and Infrastructure Security Agency) and the FBI is crucial for cybersecurity professionals as it addresses recent vulnerabilities found in Ivanti Cloud Service Applications. Here are the key points:

– **Vulnerabilities Identified**: The advisory highlights several critical vulnerabilities:
  – **CVE-2024-8963**: Administrative bypass vulnerability.
  – **CVE-2024-9379**: SQL injection vulnerability.
  – **CVE-2024-8190 and CVE-2024-9380**: Remote code execution vulnerabilities.

– **Threat Actor Behavior**: CISA reports that threat actors are using these vulnerabilities in a chained manner to:
  – Gain initial access to systems.
  – Execute remote code (RCE).
  – Obtain user credentials.
  – Implant webshells for persistent access in victim networks.

– **Recommendations for Network Administrators**:
  – Upgrade to the latest supported version of Ivanti Cloud Service Appliances to mitigate risk.
  – Utilize detection methods and indicators of compromise (IOCs) provided in the advisory to identify and respond to potential threats.

– **Community Engagement**: CISA encourages all members of the cybersecurity community to stay informed through resources like the Known Exploited Vulnerabilities Catalog and the Cross-Sector Cybersecurity Performance Goals.

This advisory serves as a critical reminder for organizations leveraging cloud services to remain vigilant and proactive in managing their cybersecurity postures. It underscores the importance of timely updates and threat intelligence sharing within the cybersecurity ecosystem, directly impacting cloud computing security and compliance initiatives.