-
Notifications
You must be signed in to change notification settings - Fork 47
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #868 from DIVD-NL/sT0wn-nl-patch-1
Create DIVD-2024-00046.md
- Loading branch information
Showing
1 changed file
with
54 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| --- | ||
| layout: case | ||
| title: "Multiple critical vulnerablilties in Ivanti Cloud Services Appliance (CSA)" | ||
| author: Alwin Warringa | ||
| lead: Alwin Warringa | ||
| excerpt: "Ivanti CSA is affected by two critical vulnerabilities, allowing a remote unauthenticated attacker bypass admin authentication and execute arbitrary commands on the appliance." | ||
| researchers: | ||
| - Alwin Warringa | ||
| - Wessel Baltus | ||
| cves: | ||
| - CVE-2024-8963 | ||
| - CVE-2024-8190 | ||
| product: | ||
| - Ivanti Cloud Services Appliance (CSA) | ||
| versions: | ||
| - Ivanti CSA before 4.6 Patch 519 | ||
| recommendation: "Upgrade the Ivanti CSA 4.6 to CSA 5.0" | ||
| workaround: "none" | ||
| patch_status: Patch available | ||
| status : Open | ||
| start: 2024-09-24 | ||
| timeline: | ||
| - start: 2024-09-24 | ||
| end: | ||
| event: "DIVD starts researching the vulnerability." | ||
| - start: 2024-11-11 | ||
| end: | ||
| event: "DIVD finds fingerprint, preparing to scan." | ||
| - start: 2024-11-11 | ||
| end: | ||
| event: "Case opened and starting first scan." | ||
| - start: 2024-11-12 | ||
| end: | ||
| event: "Mails sent out." | ||
| --- | ||
|
|
||
| ## Summary | ||
| Ivanti has disclosed a critical vulnerability in Ivanti CSA 4.6 which was incidentally addressed in the patch released on 10 September (CSA 4.6 Patch 519). Successful exploitation could allow a remote unauthenticated attacker to access restricted functionality. If {% cve CVE-2024-8963 %} is used in conjunction with {% cve CVE-2024-8190 %} an attacker can bypass admin authentication and execute arbitrary commands on the appliance. | ||
|
|
||
| ## Recommendations | ||
|
|
||
| To remediate {% cve CVE-2024-8963 %} and {% cve CVE-2024-8190 %}, update to version 5.0. You can find a link to the Ivanti CSA bulletin at the bottom of this post. | ||
|
|
||
| ## What we are doing | ||
|
|
||
| DIVD is currently working to identify parties that are running a vulnerable version of Ivanti CSA and to notify these parties. | ||
|
|
||
| {% include timeline.html %} | ||
|
|
||
| ## More information | ||
|
|
||
| * {% cve CVE-2024-8963 %} | ||
| * {% cve CVE-2024-8190 %} | ||
| * [Ivanti CSA Security Bulletin](https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US) |