Submitted URL: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-...
Security Advisory Ivanti CSA (Cloud Services Application) (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
Primary Product
Endpoint Manager
Categories
Cloud Services Application (CSA) 5.0
Created Date
Oct 8, 2024 2:24:04 PM
Last Modified Date
Oct 21, 2024 3:45:10 PM


SUMMARY

Ivanti has released updates for Ivanti CSA (Cloud Services Application) which
address one medium-severity and two high-severity vulnerabilities. Successful
exploitation could allow an attacker with admin privileges to bypass
restrictions, run arbitrary SQL statements, or obtain remote code execution.
Please note, CSA 4.6 is end-of-life and the last security fix for this version
was released on September 10. Additionally, it is important for customers to
know that we have not observed exploitation of these vulnerabilities in any
version of CSA 5.0.

We have observed limited exploitation of CSA 4.6 when CVE-2024-9379 or
CVE-2024-9380 is chained with CVE-2024-8963 (present in CSA 4.6 patch 518 and
below); this chain could lead to unauthenticated remote code execution. We have
not observed these vulnerabilities being exploited in CSA 5.0.

It is important for customers to know that CVE-2024-8963 was incidentally
addressed in previous versions of CSA 5.0 with the removal of unnecessary code.
The vulnerabilities disclosed below were discovered during our investigation
into the exploitation of CVE-2024-8963 and CVE-2024-8190 in CSA 4.6 and were
found to be present, although not exploited, in CSA 5.0.


VULNERABILITY DETAILS:

CVE Number: CVE-2024-9379
Description: SQL injection in the admin web console of Ivanti CSA before version
5.0.2 allows a remote authenticated attacker with admin privileges to run
arbitrary SQL statements.
CVSS Score (Severity): 6.5 (Medium)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CWE: CWE-89

CVE Number: CVE-2024-9380
Description: An OS command injection vulnerability in the admin web console of
Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with
admin privileges to obtain remote code execution.
CVSS Score (Severity): 7.2 (High)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-77

CVE Number: CVE-2024-9381
Description: Path traversal in Ivanti CSA before version 5.0.2 allows a remote
authenticated attacker with admin privileges to bypass restrictions.
CVSS Score (Severity): 7.2 (High)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-22


Affected Versions

Product Name: Ivanti CSA (Cloud Services Appliance)
Affected Version(s): 5.0.1 and prior
Affected CPE(s): cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:-:*:*:*:*:*:*
Resolved Version(s): 5.0.2
Patch Availability: https://forums.ivanti.com/s/article/Ivanti-Cloud-Services-Application-5-0-2-Download-Release-Notes-Patch-History


SOLUTION

Customers who have not already done so should upgrade to CSA 5.0.2 as described
HERE.
Customers running CSA 5.0.1 and prior should update to CSA 5.0.2.


FAQ

 1. Are you aware of any active exploitation of these vulnerabilities?
    * We are aware of a limited number of customers running CSA 4.6 who have
      been exploited when CVE-2024-9379 or CVE-2024-9380 is chained with
      CVE-2024-8963. We have not observed exploitation of customers running CSA
      5.0.
 2. How can I tell if I have been compromised?
    * Ivanti recommends reviewing the CSA for modified or newly added
      administrative users. While inconsistent, some attempts may show up in the
      broker logs which are local to the system. We also recommend reviewing EDR
      alerts, if you have installed EDR or other security tools on your CSA. As
      this is an edge device, Ivanti strongly recommends using a layered
      approach to security and installing an EDR tool on the CSA.
 3. What should I do if I suspect I have been compromised?
    * If you suspect compromise, Ivanti’s recommendation is that you rebuild
      your CSA with version 5.0.2.
 4. What should I do if I need help?
    * If you have questions after reviewing this information, you can log a case
      and/or request a call via the Success Portal.

Article Number :
000095266
Article Promotion Level
Normal
