Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation, creating risks for customers.
Successful exploitation of these vulnerabilities could allow an authenticated attacker with admin privileges to bypass restrictions, run arbitrary SQL statements, or obtain remote code execution.
CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381 have been linked to breaches affecting customers who have not updated their CSA versions beyond 4.6 patch 518.
The attacks involve chaining these new flaws with CVE-2024-8963, a critical vulnerability that allows remote unauthenticated access, underscoring the importance of timely patches.
Collection
[
|
...
]