Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create DIVD-2024-00046.md #868

Merged
merged 2 commits into from
Nov 12, 2024
Merged

Create DIVD-2024-00046.md #868

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e4b8f6f
Create DIVD-2024-00046.md
sT0wn-nl Nov 12, 2024
20f41ed
Update _cases/2024/DIVD-2024-00046.md
sT0wn-nl Nov 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions _cases/2024/DIVD-2024-00046.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
---
layout: case
title: "Multiple critical vulnerablilties in Ivanti Cloud Services Appliance (CSA)"
author: Alwin Warringa
lead: Alwin Warringa
excerpt: "Ivanti CSA is affected by two critical vulnerabilities, allowing a remote unauthenticated attacker bypass admin authentication and execute arbitrary commands on the appliance."
researchers:
- Alwin Warringa
- Wessel Baltus
cves:
- CVE-2024-8963
- CVE-2024-8190
product:
- Ivanti Cloud Services Appliance (CSA)
versions:
- Ivanti CSA before 4.6 Patch 519
recommendation: "Upgrade the Ivanti CSA 4.6 to CSA 5.0"
workaround: "none"
patch_status: Patch available
status : Open
start: 2024-09-24
timeline:
- start: 2024-09-24
end:
event: "DIVD starts researching the vulnerability."
- start: 2024-11-11
end:
event: "DIVD finds fingerprint, preparing to scan."
- start: 2024-11-11
end:
event: "Case opened and starting first scan."
- start: 2024-11-12
end:
event: "Mails sent out."
---

## Summary
Ivanti is disclosing a critical vulnerability in Ivanti CSA 4.6 which was incidentally addressed in the patch released on 10 September (CSA 4.6 Patch 519). Successful exploitation could allow a remote unauthenticated attacker to access restricted functionality. If {% cve CVE-2024-8963 %} is used in conjunction with {% cve CVE-2024-8190 %} an attacker can bypass admin authentication and execute arbitrary commands on the appliance.
sT0wn-nl marked this conversation as resolved.
Show resolved Hide resolved

## Recommendations

To remediate {% cve CVE-2024-8963 %} and {% cve CVE-2024-8190 %}, update to version 5.0. You can find a link to the Ivanti CSA bulletin at the bottom of this post.

## What we are doing

DIVD is currently working to identify parties that are running a vulnerable version of Ivanti CSA and to notify these parties.

{% include timeline.html %}

## More information

* {% cve CVE-2024-8963 %}
* {% cve CVE-2024-8190 %}
* [Ivanti CSA Security Bulletin](https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US)