Ivanti has released security updates to address multiple critical vulnerabilities in its Cloud Services Application (CSA) and Connect Secure products that could lead to elevation of privilege and code execution.
The list of vulnerabilities is as follows –
- CVE-2024-11639 (CVSS Score: 10.0) – Authentication bypass vulnerability in the Ivanti CSA Web Admin Console before 5.0.3 could allow a remote, unauthenticated attacker to gain administrative access
- CVE-2024-11772 (CVSS Score: 9.1) – Command execution vulnerability in the Ivanti CSA Web Admin Console before version 5.0.3 allows a remote authenticated attacker with administrative privileges to achieve remote code execution
- CVE-2024-11773 (CVSS Score: 9.1) – SQL injection vulnerability in the Ivanti CSA Web Admin Console before 5.0.3 that allows a remote authenticated attacker with administrative privileges to execute arbitrary SQL statements
- CVE-2024-11633 (CVSS Score: 9.1) – Argument injection vulnerability in Ivanti Connect Secure before version 22.7R2.4, which allows a remote authenticated attacker with administrative privileges to achieve remote code execution
- CVE-2024-11634 (CVSS Score: 9.1) – Command injection vulnerability in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 that allows a remote authenticated attacker with administrative privileges to achieve remote code execution
- CVE-2024-8540 (CVSS Score: 8.8) – Critical permissions vulnerability in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 that allows an attacker with local authentication to modify sensitive application components
The flaws have been fixed in the following versions –
- Ivanti Cloud Services Application 5.0.3
- Ivanti Connect Secure 22.7R2.4
- Ivanti Policy Secure 22.7R1.2
- Ivanti Sentry 9.20.2, 10.0.2 and 10.1.0
While Ivanti has underlined that it is not aware of active exploitation of any of the aforementioned flaws, users should apply the updates promptly, given that several flaws in its products have previously been abused by state-sponsored attackers for malicious activity.