Ivanti has revealed that a recently patched security flaw in the Cloud Services Appliance (CSA) is being actively exploited in the wild.
The high-severity vulnerability, tracked as CVE-2024-8190 (CVSS score: 7.2), allows remote code execution under certain circumstances.
“OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier allows an authenticated attacker to obtain remote code execution,” Ivanti noted in an advisory issued earlier this week. “An attacker must have administrator-level privileges to exploit this vulnerability.”
The vulnerability affects Ivanti CSA 4.6, which has reached end-of-life status, requiring customers to upgrade to a supported version. That said, the flaw has been addressed in CSA 4.6 Patch 519.
“With an end-of-life status, this is the last patch that Ivanti will push for this version,” the Utah-based IT software company added. “Customers must upgrade to Ivanti CSA 5.0 for continued support.”
“CSA 5.0 is the only supported version and does not contain this vulnerability. Customers already using Ivanti CSA 5.0 do not need to take any additional action.”
Ivanti on Friday updated the advisory to note that it has observed confirmed exploitation of the flaw in the wild targeting “a limited number of customers.”
It did not disclose further details about the attacks or the identity of the threat actors behind them, but a number of other vulnerabilities in Ivanti products have been exploited as zero-days by China-nexus cyber-espionage groups.
The development prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by October 4, 2024.
The disclosure also comes as cybersecurity company Horizon3.ai published a detailed technical analysis of a critical deserialization vulnerability (CVE-2024-29847, CVSS score: 10.0) affecting Endpoint Manager (EPM) that leads to remote code execution.