In January, after a series of attacks that exploited zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure, CISA took the unusual step of ordering all government agencies to disconnect affected Ivanti products from their networks. Following that incident, Ivanti became one of the first vendors to sign the CISA Secure by Design pledge and launched a review and overhaul of its security engineering and risk management processes.
In February, attackers targeted an XXE vulnerability in certain versions of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways days after it was disclosed. Later, security agencies from several nations warned that attackers were able to manipulate the integrity checking tools provided by Ivanti in response to those zero days. In April, in response to these issues, Ivanti announced plans to revamp its core engineering and security operations to deal with routine and evolving adversary actions.
Affected CSA users are urged to upgrade to version 5.0
The CVE-2024-8190 vulnerability, patched on Sept. 10, is a command injection vulnerability that allows attackers to achieve arbitrary code execution on the underlying OS. The vulnerability requires administrative privileges to exploit, meaning attackers would have to obtain those credentials in some other way or brute-force them because they were too weak. Because of this, the flaw is rated only high severity rather than critical, with a score of 7.2 out of 10 on the CVSS scale.