Alerts: Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance

Source URL: https://www.cisa.gov/news-events/alerts/2024/09/19/ivanti-releases-admin-bypass-security-update-cloud-services-appliance
Source: Alerts
Title: Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance

Feedly Summary: Ivanti has released a security update to address an admin bypass vulnerability (CVE-2024-8963) affecting Ivanti Cloud Services Appliance (CSA) version 4.6.  A cyber threat actor could exploit this vulnerability in conjunction with CVE-2024-8190–detailed in a Sept. 13 Ivanti security advisory–to take control of an affected system. This vulnerability impacts all versions prior to patch 519.
Ivanti has confirmed limited exploitation and recommends that users upgrade to CSA version 5.0, as version 4.6 is end-of-life and no longer supported. CISA urges users and administrators review the Ivanti security advisory and apply the necessary updates. 
Note: CISA has added CVE-2024-8963 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.   

AI Summary and Description: Yes

Summary: The text discusses a critical security update from Ivanti addressing an admin bypass vulnerability that poses significant risks to users of its Cloud Services Appliance. This vulnerability’s timely remediation is crucial for maintaining security across affected platforms, particularly for federal agencies under CISA guidance.

Detailed Description: The text primarily focuses on a newly identified vulnerability (CVE-2024-8963) within the Ivanti Cloud Services Appliance (CSA) version 4.6, highlighting the critical nature of the issue for security practitioners, especially those in infrastructure and cloud security.

Key Points:
– Ivanti has released a security update to address an admin bypass vulnerability identified as CVE-2024-8963.
– The vulnerability affects Ivanti CSA version 4.6, and any software versions prior to patch 519 are deemed vulnerable.
– This vulnerability can potentially be exploited by cyber threat actors in combination with another vulnerability (CVE-2024-8190) noted in a prior advisory, allowing them to take control of affected systems.
– Ivanti recommends users upgrade to CSA version 5.0, as version 4.6 is now end-of-life and no longer receives support and updates.
– The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed limited exploitation of this vulnerability, emphasizing the urgency for users and administrators to follow the Ivanti security advisory and apply necessary updates promptly.
– CISA has added CVE-2024-8963 to its Known Exploited Vulnerabilities Catalog, affecting Federal Civilian Executive Branch agencies. This categorization mandates these agencies to remediate vulnerabilities swiftly to secure their networks against active threats per Binding Operational Directive (BOD) 22-01.

The implications for security and compliance professionals are significant; the mandated response for federal agencies underscores the importance of rapid assessment and remediation of vulnerabilities in cloud infrastructure. The detailed recommendations from Ivanti and CISA serve as critical guidance for organizations operating under various compliance frameworks to ensure ongoing security and resilience against potential exploits.