Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Ivanti warns it has found another major security flaw in its systems

Digital image of a lock.

  • Ivanti finds 10/10 flaw in the Cloud Services Appliance
  • It allows hackers to gain administrative privileges
  • The bug was fixed in version 5.0.3, with users urged to update now

Ivanti is warning customers an older version of its Cloud Services Appliance (CSA) solution was found vulnerable to a maximum-severity (10/10) security vulnerability, and has urged them to upgrade to the newest version as soon as possible.

The critical flaw is described as an authentication bypass in the admin web console version CSA 5.0.2, and could allow remote, unauthenticated attackers to gain administrative privileges.

The bug, tracked as CVE-2024-11639, was given the maximum severity score since it does not require any user interaction to be abused, whatsoever.

To address the flaw, users should upgrade their appliances to version 5.0.3 - but fortunately there is still no evidence of abuse in the wild.

No evidence of abuse - yet

"We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program," Ivanti noted, adding that a PoC was not yet published anywhere. "Currently, there is no known public exploitation of these vulnerabilities that could be used to provide a list of indicators of compromise."

If history is any teacher, though, critical CSA vulnerabilities end up getting exploited sooner or later.

In late September 2024, it was reported that a critical path traversal vulnerability in CSA was being actively exploited in the wild to grant access to restricted product functionalities. The bug was even added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. It was fixed with version 5.0.

Ivanti CSA is a platform that provides cloud-based solutions for security, automation, and operations. It integrates Ivanti’s various IT management capabilities into an all-encompassing cloud environment. The appliance allows businesses to streamline their IT operations, offering features such as endpoint management, patch management, software distribution, and vulnerability scanning in a cloud-based architecture.

Via BleepingComputer

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.