CISA warns of hackers exploiting bug for end-of-life Ivanti product
Briefly

CISA has warned that organizations using Ivanti's Cloud Service Appliance version 4.6 and below are actively being targeted due to a newly discovered vulnerability, which has been included in their known exploited vulnerabilities list. This compromise can lead to serious security breaches, prompting a necessary update from the outdated versions to CSA 5.0, which doesn't harbor this threat.
Ivanti confirmed that a limited number of customers have experienced exploitation, yet declined to disclose further specifics. This lack of detail raises concerns about the potential annual risk for organizations that have not yet upgraded to the secure versions. Users should check for new admin accounts as a precautionary measure.
The vulnerability identified is an OS command injection flaw known as CVE-2024-8190, which allows an attacker with administrative rights to execute remote code on infected devices. Organizations must act quickly to mitigate this risk as federal agencies have a 60-day deadline to address vulnerabilities on the KEV list.
Ivanti's guidance emphasizes that 'CSA 5.0 is the only supported version and does not contain this vulnerability,' and that configurations should ensure dual-homing with specific setups to enhance security against potential exploits.
Read at CyberScoop
[
|
]