Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Invitation to Disagreement Link from ASYNCRAT and SKULD Theft, focused on cry

June 14, 2025

More than 269 000 sites infected with malicious JSFiretruC JavaScript software in one month

June 13, 2025

Transition from Monitoring Alert to Risk Measurement

June 13, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Ivanti warns of active exploitation of cloud device vulnerability with new patches
Global Security

Ivanti warns of active exploitation of cloud device vulnerability with new patches

AdminBy AdminSeptember 14, 2024No Comments2 Mins Read
Cloud Appliance Vulnerability
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


September 14, 2024Ravi LakshmananEnterprise Security / Threat Intelligence

Cloud Device Vulnerability

Ivanti has revealed that a recently patched security flaw in the Cloud Service Appliance (CSA) is being actively exploited in the wild.

The high severity vulnerability addressed is CVE-2024-8190 (CVSS Score: 7.2), which allows remote code execution under certain circumstances.

“OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier allows an authenticated attacker to obtain remote code execution” — Ivanti noted in an advisory issued earlier this week. “An attacker must have administrator-level privileges to exploit this vulnerability.”

Cyber ​​security

The vulnerability affects Ivanti CSA 4.6, which has currently reached end-of-life status, requiring customers to upgrade to a supported version. However, this was addressed in CSA 4.6 Patch 519.

“With an end-of-life status, this is the last patch that Ivanti will push for this version,” the Utah-based IT software company added. “Customers must upgrade to Ivanti CSA 5.0 for continued support.”

“CSA 5.0 is the only supported version and does not contain this vulnerability. Customers already using Ivanti CSA 5.0 do not need to take any additional action.”

Ivanti on Friday updated the advisory notes that it has observed confirmed use of the deficiency in the wild targeting “a limited number of customers.”

It did not disclose further details related to the attacks or the identity of the threat actors who used them, but a number of other vulnerabilities in Ivanti products were exploited by the China-nexus cyber-espionage groups as a zero-day.

Cyber ​​security

This development prompted the US Cybersecurity and Infrastructure Security Agency (CISA). to add flaw in its known vulnerabilities (KEV) catalog that requires federal agencies to apply the corrections by October 4, 2024.

The disclosure also comes as cyber security company Horizon3.ai placed a detailed technical analysis of the critical deserialization vulnerability (CVE-2024-29847, CVSS score: 10.0) affecting Endpoint Manager (EPM) leading to remote code execution.

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Invitation to Disagreement Link from ASYNCRAT and SKULD Theft, focused on cry

June 14, 2025

More than 269 000 sites infected with malicious JSFiretruC JavaScript software in one month

June 13, 2025

Transition from Monitoring Alert to Risk Measurement

June 13, 2025

Band

June 13, 2025

Apple Zero Click’s downside in reports to spy on journalists using spyware Paragon software

June 13, 2025

Both Vextrio and affiliates control the global network

June 12, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Invitation to Disagreement Link from ASYNCRAT and SKULD Theft, focused on cry

June 14, 2025

More than 269 000 sites infected with malicious JSFiretruC JavaScript software in one month

June 13, 2025

Transition from Monitoring Alert to Risk Measurement

June 13, 2025

Band

June 13, 2025

Apple Zero Click’s downside in reports to spy on journalists using spyware Paragon software

June 13, 2025

Both Vextrio and affiliates control the global network

June 12, 2025

How to Decide Safety Expanding

June 12, 2025

The new tokenbreak attack combines AI moderation with a one -sided character change

June 12, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Invitation to Disagreement Link from ASYNCRAT and SKULD Theft, focused on cry

June 14, 2025

More than 269 000 sites infected with malicious JSFiretruC JavaScript software in one month

June 13, 2025

Transition from Monitoring Alert to Risk Measurement

June 13, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.