Ivanti Releases Security Updates for Critical Vulnerabilities in CSA and Connect Secure
2024-12-11
Learn about the crucial importance of timely patch management to protect against severe vulnerabilities in cloud security products.
Ivanti has released critical security updates to fix several serious vulnerabilities in its Cloud Services Application (CSA) and Connect Secure products, which could lead to privilege escalation and remote code execution. These vulnerabilities, which include authentication bypass, command injection, SQL injection, argument injection, and insecure permissions, have been addressed in updated versions of the affected products. Although there are currently no reports of these vulnerabilities being actively exploited, Ivanti urges users to update promptly due to the history of past vulnerabilities being targeted by state-sponsored attackers.
Privilege Escalation, Web App/Website Vulnerability
Ivanti, Cloud Services Application, Connect Secure, Vulnerabilities, Security Updates, CVE, Remote Code Execution
CVE-2024-11639; CVE-2024-11772; CVE-2024-11773; CVE-2024-11633; CVE-2024-11634; CVE-2024-8540
Ivanti Cloud Services Application, Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Sentry
Ivanti has issued critical security updates to address multiple vulnerabilities found in its Cloud Services Application (CSA) and Connect Secure products. These vulnerabilities pose significant risks, such as unauthorized access and the potential for remote code execution.

Identified Vulnerabilities

The vulnerabilities addressed in the updates include:

- CVE-2024-11639: An authentication bypass in the admin web console of Ivanti CSA versions prior to 5.0.3. A remote attacker can exploit this flaw to gain administrative access without authenticating.
- CVE-2024-11772: A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3, allowing a remote authenticated attacker with admin rights to execute arbitrary code.
- CVE-2024-11773: An SQL injection flaw in the admin web console of Ivanti CSA before version 5.0.3, enabling a remote authenticated attacker with admin privileges to execute arbitrary SQL commands.
- CVE-2024-11633: An argument injection vulnerability in Ivanti Connect Secure before version 22.7R2.4, permitting a remote authenticated attacker with admin rights to achieve remote code execution.
- CVE-2024-11634: A command injection vulnerability affecting Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2, allowing remote code execution by an attacker with admin privileges.
- CVE-2024-8540: An insecure permissions issue in Ivanti Sentry prior to versions 9.20.2, 10.0.2, and 10.1.0, allowing local authenticated users to modify sensitive application components.

Affected Versions and Remediation

Ivanti has released updates for the following product versions to mitigate these vulnerabilities:

While there are no current reports of these vulnerabilities being actively exploited, Ivanti emphasizes the importance of applying these updates quickly. This is particularly critical given past instances where vulnerabilities in Ivanti products have been leveraged by state-sponsored attackers.
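As an added illustration, not part of the original summary and not an Ivanti tool, the following Python script turns the fixed versions named above into a patch-status check that a defender can run over an asset inventory. The version parser (treating the "R" in 22.7R2.4 as just another separator) and the "same release branch" rule used to decide whether a fixed version applies are assumptions of this example, not Ivanti's published versioning semantics; the inventory at the bottom is constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Fixed versions exactly as stated in the summary above: product -> CVE -> fixed versions.
FIXED_VERSIONS: Dict[str, Dict[str, List[str]]] = {
    "Ivanti Cloud Services Application": {
        "CVE-2024-11639": ["5.0.3"],
        "CVE-2024-11772": ["5.0.3"],
        "CVE-2024-11773": ["5.0.3"],
    },
    "Ivanti Connect Secure": {
        "CVE-2024-11633": ["22.7R2.4"],
        "CVE-2024-11634": ["22.7R2.3"],
    },
    "Ivanti Policy Secure": {
        "CVE-2024-11634": ["22.7R1.2"],
    },
    "Ivanti Sentry": {
        "CVE-2024-8540": ["9.20.2", "10.0.2", "10.1.0"],
    },
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '22.7R2.4' or '5.0.3' into a tuple of ints that compares naturally.

    Assumption (ours, not Ivanti's): 'R' separates the release from the point
    release, so 22.7R2.4 -> (22, 7, 2, 4) and 5.0.3 -> (5, 0, 3).
    """
    parts = re.split(r"[.R]", version.strip())
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def release_branch(v: Tuple[int, ...]) -> Tuple[int, ...]:
    """Branch = first two components (e.g. 9.20.x, 10.0.x, 22.7Rx.y)."""
    return v[:2]


def patch_status(product: str, installed: str, cve: str) -> str:
    """Classify one installed version against the fixed versions for a CVE.

    'patched'  : a fixed version on the same release branch is <= installed
    'affected' : the branch has a fix and installed is below it
    'unknown'  : no fixed version is listed for this branch; verify with the
                 vendor advisory rather than assuming either way
    """
    fixed = [parse_version(f) for f in FIXED_VERSIONS[product][cve]]
    inst = parse_version(installed)
    same_branch = [f for f in fixed if release_branch(f) == release_branch(inst)]
    if not same_branch:
        return "unknown"
    return "patched" if any(inst >= f for f in same_branch) else "affected"


def triage(inventory: List[Dict[str, str]]) -> List[Tuple[str, str, str, str, str]]:
    """Return (host, product, version, cve, status) for every non-patched pairing."""
    findings = []
    for asset in inventory:
        product = asset["product"]
        for cve in FIXED_VERSIONS.get(product, {}):
            state = patch_status(product, asset["version"], cve)
            if state != "patched":
                findings.append((asset["host"], product, asset["version"], cve, state))
    return findings


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    {"host": "vpn-01", "product": "Ivanti Connect Secure", "version": "22.7R2.3"},
    {"host": "vpn-02", "product": "Ivanti Connect Secure", "version": "22.7R2.4"},
    {"host": "csa-01", "product": "Ivanti Cloud Services Application", "version": "5.0.2"},
    {"host": "sentry-01", "product": "Ivanti Sentry", "version": "10.0.1"},
]

if __name__ == "__main__":
    for host, product, version, cve, state in triage(SAMPLE_INVENTORY):
        print(f"{host:10} {product:35} {version:10} {cve:15} {state}")
```

Note that vpn-01 on 22.7R2.3 is reported only for CVE-2024-11633 (fixed in 22.7R2.4) and not for CVE-2024-11634 (fixed in 22.7R2.3), which is why the table keeps one fixed version per CVE rather than one per product. Versions on a branch the advisory does not mention come back as "unknown" so that a newer major release is never silently assumed safe or unsafe.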
https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html?m=1