Source URL: https://www.theregister.com/2024/09/20/patch_up_ivanti_fixes_exploited/
Source: The Register
Title: Ivanti patches exploited admin command execution flaw
Feedly Summary: Fears over chained attacks affecting EOL product
The US Cybersecurity and Infrastructure Security Agency (CISA) just added the latest Ivanti weakness to its Known Exploited Vulnerability (KEV) catalog, a situation sure to annoy some – given that it’s yet another path traversal flaw.…
AI Summary and Description: Yes
Summary: The recent addition of a critical Ivanti vulnerability to CISA’s Known Exploited Vulnerability catalog highlights ongoing issues with path traversal flaws, emphasizing the need for a secure-by-design development approach. The vulnerability is critical due to its potential impact on critical infrastructure sectors, and CISA’s repeated calls for improved security practices reflect the urgency for proactive measures among IT vendors.
Detailed Description:
– **CISA’s Vigilance on Vulnerabilities**: The US Cybersecurity and Infrastructure Security Agency (CISA) continually adds new vulnerabilities to its Known Exploited Vulnerability (KEV) catalog, aiming to alert the cybersecurity community about exploitations that could endanger critical infrastructure.
– **Path Traversal Flaws**: The latest entry is a path traversal vulnerability in the end-of-life Ivanti Cloud Services Appliance (CSA) 4.6, rated at a critical severity of 9.4. This type of vulnerability has been prevalent across multiple IT vendors, prompting CISA to urge the infosec community to eliminate such flaws.
– **Potential Impact on Infrastructure**: This vulnerability’s prior exploitation in systems integral to health and public sectors signifies a critical risk, as it could allow attackers to gain unauthorized access and execute commands if coupled with other vulnerabilities.
– **Mitigation Measures**: Ivanti advises its customers to apply the latest security patches, check for unauthorized changes to administrative users, and use endpoint detection and response (EDR) tools to detect potential compromises, a crucial response given the appliance's role as an internet-facing edge device.
– **Secure-by-Design Initiatives**: CISA has emphasized a secure-by-design (SBD) approach in software development to prevent similar vulnerabilities from emerging. Ivanti’s CEO has acknowledged the need for this shift in their processes in light of recent security incidents, suggesting a broader commitment to enhancing security practices among IT vendors.
– **Community Engagement**: CISA launched a secure-by-design pledge to encourage vendors to commit publicly to improving their security posture. The results of these commitments will be reviewed in upcoming security conferences, fostering accountability in how effectively these measures are instituted.
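To make the "path traversal" class of flaw concrete for the two points above (the flaw class CISA is urging vendors to eliminate, and the advice to check for signs of compromise), here is an added Python example that is not part of the article or of any Ivanti code. It assumes a hypothetical web handler that serves files from a base directory, shows the vulnerable pattern (joining user input without a containment check) beside the hardened one, and runs the same check over a few constructed access-log lines to flag requests that would have escaped the directory. The base directory, log format and log lines are all made up for the example.

```python
import os
from pathlib import Path
from typing import List, Optional
from urllib.parse import unquote

# Constructed example: the directory a hypothetical web handler may serve files from.
BASE_DIR = Path("/var/www/app/public")


def _join_untrusted(user_path: str) -> Path:
    """Shared preparation: decode the URL path once, drop the leading '/',
    and normalise '..' segments. Deliberately performs NO containment check."""
    decoded = unquote(user_path).lstrip("/")
    return Path(os.path.normpath(os.path.join(str(BASE_DIR), decoded)))


def resolve_vulnerable(user_path: str) -> Path:
    """Vulnerable pattern: trusts the normalised path as-is, so a request
    containing enough '../' segments walks out of BASE_DIR."""
    return _join_untrusted(user_path)


def resolve_safe(user_path: str) -> Optional[Path]:
    """Hardened pattern: same preparation, then verify the final path is still
    inside BASE_DIR. Returns None when the request must be rejected.
    (In production, resolve symlinks with os.path.realpath before the check.)"""
    candidate = _join_untrusted(user_path)
    try:
        candidate.relative_to(BASE_DIR)
    except ValueError:
        return None
    return candidate


def is_traversal_attempt(user_path: str) -> bool:
    """True when the request path would escape BASE_DIR."""
    return resolve_safe(user_path) is None


def flag_traversal_requests(log_lines: List[str]) -> List[str]:
    """Detection helper: return request paths from access-log style lines that
    would escape BASE_DIR. Assumed (constructed) line format:
    '<client> "<METHOD> <path> HTTP/1.1" <status>'."""
    flagged = []
    for line in log_lines:
        try:
            request = line.split('"')[1]  # the quoted request line
            path = request.split()[1]     # the path between METHOD and version
        except IndexError:
            continue  # malformed line; skip rather than crash the scan
        if is_traversal_attempt(path):
            flagged.append(path)
    return flagged


# Constructed sample log lines (not taken from any real appliance or incident)
SAMPLE_LOG = [
    '10.0.0.5 "GET /css/site.css HTTP/1.1" 200',
    '10.0.0.9 "GET /../../../../etc/passwd HTTP/1.1" 404',
    '10.0.0.9 "GET /%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 404',
    'garbage line without a request',
]

if __name__ == "__main__":
    print("vulnerable resolves to:", resolve_vulnerable("../../../../etc/passwd"))
    print("hardened resolves to:", resolve_safe("../../../../etc/passwd"))
    print("flagged requests:", flag_traversal_requests(SAMPLE_LOG))
```

The decisive difference is the `relative_to` containment check after normalisation; decoding before the check matters because an encoded `%2e%2e` is still `..` once the server decodes it. The log scan is the same predicate applied retrospectively, which is the kind of review of request logs that complements the patch-and-check-admin-accounts advice above.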
This situation underscores the ongoing challenges in cybersecurity within the infrastructure domain, urging security and compliance professionals to prioritize vulnerability management and adopt a proactive, secure design philosophy in software development.