The Register: Three more vulns spotted in Ivanti CSA, all critical, one 10/10

Source URL: https://www.theregister.com/2024/12/11/ivanti_vulns_critical/
Source: The Register
Title: Three more vulns spotted in Ivanti CSA, all critical, one 10/10

Feedly Summary: Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker
Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services Application (CSA), including a perfect 10.…

AI Summary and Description: Yes

Summary: Ivanti has issued a security advisory detailing three critical vulnerabilities in its Cloud Services Application (CSA), including an authentication bypass rated a perfect 10.0 on CVSS. Together the flaws let an unauthenticated remote attacker gain administrative access to the CSA admin web console and, from there, execute arbitrary commands and SQL statements on the appliance.

Detailed Description: The advisory covers three vulnerabilities in Ivanti's Cloud Services Application (CSA), an edge appliance used to manage internal systems and reach internal resources, which makes its admin portal an attractive target. The specific vulnerabilities are as follows:

– **CVE-2024-11639**:
  – Type: Authentication bypass (admin web console)
  – CVSS: 10.0
  – Impact: A remote, unauthenticated attacker can obtain administrative access to the appliance, with no credentials required.

– **CVE-2024-11772**:
  – Type: Command injection (admin web console)
  – CVSS: 9.1
  – Impact: A remote attacker who already holds admin privileges (which the authentication bypass above can supply) can execute arbitrary code on the appliance.

– **CVE-2024-11773**:
  – Type: SQL injection (admin web console)
  – CVSS: 9.1
  – Impact: A remote attacker with admin privileges can run arbitrary SQL statements against the appliance's database, allowing data to be read or altered.

Additional points include:
– The vulnerabilities affect Ivanti CSA 5.0.2 and earlier; customers should upgrade to version 5.0.3.
– Ivanti reports no evidence of customer exploitation at the time the advisory was released; that statement covers the period before disclosure only, and an unauthenticated 10.0 bypass in an edge appliance should be expected to draw exploitation attempts once public.
– CrowdStrike discovered and reported the three issues, continuing a run of serious flaws in the CSA admin web console that has already drawn CISA's attention.
– CISA has previously ordered US federal agencies to patch earlier CSA vulnerabilities on a short deadline after they were observed under active exploitation.
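As a worked example of the triage a practitioner would run against the two facts that matter here (the affected range "5.0.2 and earlier, fixed in 5.0.3" and the bypass-to-RCE chain among the three CVEs), the following Python is an added example; it is not code from Ivanti, CrowdStrike or The Register. It assumes CSA versions are dotted numeric strings such as "5.0.2", and the inventory it runs over is constructed sample data, not real hosts.

```python
"""Triage helper for the Ivanti CSA advisory summarised above.

Added example (not Ivanti's or The Register's code). Assumes CSA reports
its version as a dotted numeric string like "5.0.2". The inventory at the
bottom is constructed sample data.
"""
from __future__ import annotations

FIXED_VERSION = "5.0.3"  # first release containing the fixes, per the advisory

# (CVE, vulnerability class, CVSS, needs admin privileges to exploit)
ADVISORY = (
    ("CVE-2024-11639", "authentication bypass", 10.0, False),
    ("CVE-2024-11772", "command injection", 9.1, True),
    ("CVE-2024-11773", "SQL injection", 9.1, True),
)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '5.0.2' into (5, 0, 2) so comparison is numeric.

    Comparing the raw strings would rank '5.0.10' below '5.0.3' and
    wrongly flag a fixed appliance as vulnerable.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable CSA version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True for CSA 5.0.2 and earlier, i.e. anything below 5.0.3."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def triage(version: str) -> dict:
    """Summarise one appliance: applicable CVEs, worst CVSS, and whether an
    unauthenticated attacker can chain through to code execution."""
    if not is_affected(version):
        return {"version": version, "affected": False, "cves": [],
                "max_cvss": 0.0, "unauthenticated_rce_chain": False}
    cves = [cve for cve, _, _, _ in ADVISORY]
    max_cvss = max(score for _, _, score, _ in ADVISORY)
    # A bypass that grants admin without credentials, plus an admin-only
    # command injection, means no credentials are needed end to end.
    has_bypass = any(kind == "authentication bypass" and not needs_admin
                     for _, kind, _, needs_admin in ADVISORY)
    has_admin_rce = any(kind == "command injection" and needs_admin
                        for _, kind, _, needs_admin in ADVISORY)
    return {"version": version, "affected": True, "cves": cves,
            "max_cvss": max_cvss,
            "unauthenticated_rce_chain": has_bypass and has_admin_rce}


def hosts_needing_upgrade(inventory: list[tuple[str, str]]) -> list[str]:
    """Return the hostnames (sorted) still running an affected CSA build."""
    return sorted(host for host, version in inventory if is_affected(version))


# Constructed sample inventory: (hostname, reported CSA version). Not real hosts.
SAMPLE_INVENTORY = [
    ("csa-prod-01", "5.0.2"),   # affected: last vulnerable release
    ("csa-prod-02", "5.0.3"),   # fixed
    ("csa-lab-01", "4.6.1"),    # affected: older than the fixed release
    ("csa-dr-01", "5.0.10"),    # fixed; a string compare would get this wrong
]

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY:
        print(host, triage(version))
    print("upgrade to", FIXED_VERSION, "->", hosts_needing_upgrade(SAMPLE_INVENTORY))
```

The version parser is the part worth keeping: naive string comparison is a recurring source of false negatives in patch-status reports, and the 5.0.10 entry in the sample inventory exists to show it.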

For security and compliance teams the action is straightforward: treat the upgrade to CSA 5.0.3 as an emergency change, confirm each appliance's version rather than relying on inventory records, and keep the admin web console off the public internet where the deployment allows it. Given the console's recent history of actively exploited flaws, a vendor statement of "no known exploitation" at disclosure should not be read as grounds to defer the patch.