
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Ivanti has reported that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild.

The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which permits remote code execution under certain circumstances.

"An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution," Ivanti said in an advisory posted earlier this week. "The attacker must have admin level privileges to exploit this vulnerability."

The issue affects Ivanti CSA 4.6, which has now reached end-of-life status, requiring customers to switch to a supported version going forward. That said, it has been addressed in CSA 4.6 Patch 519.

"With the end-of-life status this is the last fix that Ivanti will backport for this version," the Utah-based IT software company stated. "Customers must upgrade to Ivanti CSA 5.0 for continued support."

"CSA 5.0 is the only supported version and does not include this vulnerability. Customers currently operating Ivanti CSA 5.0 do not need to take any extra action."

On Friday, Ivanti updated its advisory to say that it had observed confirmed exploitation of the flaw in the wild targeting a "limited number of customers."

It did not disclose further details about the attacks or the identities of the threat actors weaponizing the flaw. However, a number of other vulnerabilities in Ivanti products have been exploited as zero-days by China-nexus cyberespionage groups.

The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring government entities to apply the fixes by October 4, 2024.

The disclosure also comes as cybersecurity startup Horizon3.ai published a detailed technical analysis of a critical deserialization vulnerability (CVE-2024-29847, CVSS score: 10.0) affecting Endpoint Manager (EPM) that results in remote code execution.
