Effective URL: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-...
Security Advisory: Ivanti CSA (Cloud Services Application) (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

Primary Product: Endpoint Manager
Categories: Cloud Services Application (CSA) 5.0
Created Date: Oct 8, 2024 2:24:04 PM
Last Modified Date: Oct 21, 2024 3:45:10 PM

SUMMARY

Ivanti has released updates for Ivanti CSA (Cloud Services Application) which address one medium severity and two high severity vulnerabilities. Successful exploitation allows an attacker who already holds admin privileges to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution.

Please note that CSA 4.6 is end-of-life; the last security fix for that version was released on September 10. We have not observed exploitation of these vulnerabilities in any version of CSA 5.0. We have observed limited exploitation of CSA 4.6 in which CVE-2024-9379 or CVE-2024-9380 was chained with CVE-2024-8963 (present in CSA 4.6 patch 518 and below); that chain can lead to unauthenticated remote code execution. CVE-2024-8963 was incidentally addressed in previous versions of CSA 5.0 with the removal of unnecessary code.

The vulnerabilities disclosed below were discovered during our investigation into the exploitation of CVE-2024-8963 and CVE-2024-8190 in CSA 4.6 and were found to be present, although not exploited, in CSA 5.0.
VULNERABILITY DETAILS

CVE-2024-9379
  Description: SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
  CVSS Score (Severity): 6.5 (Medium)
  CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
  CWE: CWE-89

CVE-2024-9380
  Description: An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
  CVSS Score (Severity): 7.2 (High)
  CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CWE: CWE-77

CVE-2024-9381
  Description: Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
  CVSS Score (Severity): 7.2 (High)
  CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CWE: CWE-22

AFFECTED VERSIONS

Product Name: Ivanti CSA (Cloud Services Appliance)
Affected Version(s): 5.0.1 and prior
Affected CPE(s): cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:-:*:*:*:*:*:*
Resolved Version(s): 5.0.2
Patch Availability: https://forums.ivanti.com/s/article/Ivanti-Cloud-Services-Application-5-0-2-Download-Release-Notes-Patch-History

SOLUTION

Customers running CSA 5.0.1 and prior who have not already done so should upgrade to CSA 5.0.2 (see the patch availability link above).

FAQ

1. Are you aware of any active exploitation of these vulnerabilities?
   * We are aware of a limited number of customers running CSA 4.6 who have been exploited when CVE-2024-9379 or CVE-2024-9380 was chained with CVE-2024-8963. We have not observed exploitation of customers running CSA 5.0.

2. How can I tell if I have been compromised?
   * Ivanti recommends reviewing the CSA for modified or newly added administrative users. While inconsistent, some attempts may show up in the broker logs, which are local to the system. We also recommend reviewing EDR alerts if you have installed EDR or other security tools on your CSA.
     As this is an edge device, Ivanti strongly recommends using a layered approach to security and installing an EDR tool on the CSA.

3. What should I do if I suspect I have been compromised?
   * If you suspect compromise, Ivanti's recommendation is that you rebuild your CSA with version 5.0.2.

4. What should I do if I need help?
   * If you have questions after reviewing this information, you can log a case and/or request a call via the Success Portal.

Article Number: 000095266
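FAQ 2 above says to review the CSA for modified or newly added administrative users. One way to make that check repeatable is to diff a trusted baseline of the admin list against a fresh export, which the following added example does. This is not Ivanti tooling: the advisory does not document how CSA exports its admin accounts, so the column set (username, role, password_hash, last_modified) is an assumption and both CSV snapshots are constructed sample data; substitute real exports and the real column names for your appliance.

```python
"""Baseline comparison of CSA administrative accounts, the check FAQ 2 recommends.

Added example, not Ivanti code. The advisory does not document how CSA exports
its admin list, so the column set (username, role, password_hash, last_modified)
is an ASSUMPTION and both snapshots are CONSTRUCTED sample data. Replace the CSV
text with a real export taken from a trusted baseline and from the live appliance.
"""
import csv
import io
from datetime import datetime, timezone

# Constructed "known good" snapshot, captured before the exposure window.
BASELINE_CSV = """username,role,password_hash,last_modified
admin,administrator,sha256$0a1b2c,2024-06-01T09:00:00Z
ops_backup,administrator,sha256$3d4e5f,2024-07-15T11:30:00Z
"""

# Constructed live snapshot: 'admin' has a new hash, 'svc_sync' did not exist
# in the baseline, 'ops_backup' is unchanged.
CURRENT_CSV = """username,role,password_hash,last_modified
admin,administrator,sha256$ffffff,2024-10-05T02:14:00Z
ops_backup,administrator,sha256$3d4e5f,2024-07-15T11:30:00Z
svc_sync,administrator,sha256$9e9e9e,2024-10-05T02:16:00Z
"""

# Attribute changes on an existing admin that warrant investigation.
WATCHED_FIELDS = ("role", "password_hash")


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp; tolerate the trailing 'Z' on older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def load_snapshot(csv_text: str) -> dict:
    """Map username -> row dict, failing loudly on duplicate usernames."""
    rows = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["username"]
        if name in rows:
            raise ValueError(f"duplicate username in snapshot: {name!r}")
        rows[name] = row
    return rows


def diff_admins(baseline_csv: str, current_csv: str) -> list:
    """Return findings as dicts: added/removed accounts and changed watched fields."""
    base = load_snapshot(baseline_csv)
    cur = load_snapshot(current_csv)
    findings = []
    for name in sorted(set(cur) - set(base)):
        findings.append({"username": name, "finding": "added",
                         "detail": f"role={cur[name]['role']} last_modified={cur[name]['last_modified']}"})
    for name in sorted(set(base) - set(cur)):
        findings.append({"username": name, "finding": "removed", "detail": ""})
    for name in sorted(set(base) & set(cur)):
        for field in WATCHED_FIELDS:
            if base[name][field] != cur[name][field]:
                findings.append({"username": name, "finding": f"{field}_changed",
                                 "detail": f"{base[name][field]} -> {cur[name][field]}"})
    return findings


def modified_after(snapshot: dict, since_iso: str) -> list:
    """Usernames whose last_modified is later than the given instant (for example
    the start of the exposure window), ordered by that timestamp."""
    since = parse_ts(since_iso)
    hits = [(parse_ts(r["last_modified"]), n) for n, r in snapshot.items()
            if parse_ts(r["last_modified"]) > since]
    return [n for _, n in sorted(hits)]


if __name__ == "__main__":
    for f in diff_admins(BASELINE_CSV, CURRENT_CSV):
        print(f"{f['finding']:<22} {f['username']:<12} {f['detail']}")
    print("modified since 2024-10-01:",
          modified_after(load_snapshot(CURRENT_CSV), "2024-10-01T00:00:00Z"))
```

The baseline must come from before the exposure window (a configuration backup or an earlier export), otherwise an attacker-created account is already part of "normal". A password hash change on an existing admin is as significant as a new account, which is why the diff watches fields on unchanged usernames rather than only comparing name sets; the timestamp filter is a second, independent cut for appliances where the baseline is missing.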