Ivanti Discloses Three New Zero-Day Vulnerabilities in Cloud Service Appliance

In a recent security advisory, Ivanti has revealed that three new zero-day vulnerabilities in its Cloud Service Appliance (CSA) have been actively exploited in the wild. 

The three newly identified vulnerabilities, identified as CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, are being exploited in conjunction with a previously patched vulnerability, CVE-2024-8963.

Ivanti reports that a limited number of customers running CSA 4.6 patch 518 and earlier versions have fallen victim to these attacks.

"We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963."- advisory reads.

CVE-2024-9379, with a CVSS score of 6.5, is a SQL injection vulnerability that allows authenticated attackers with admin privileges to execute arbitrary SQL statements. CVE-2024-9380 and CVE-2024-9381, both scoring 7.2 on the CVSS scale, enable OS code execution and security restriction bypass, respectively.

The severity of these vulnerabilities is heightened when chained with CVE-2024-8963, a critical path traversal flaw with a CVSS score of 9.4, which permits unauthenticated remote attackers to access restricted functionality. This combination of vulnerabilities presents a significant threat to affected systems.

Ivanti said it discovered the three new flaws as part of its investigation into the exploitation of CVE-2024-8963 and CVE-2024-8190 (CVSS score: 7.2), another now-patched OS command injection bug in CSA that has also been abused in the wild.

The company strongly advises customers to upgrade to CSA version 5.0.2, which includes patches for all known vulnerabilities. However, given the end-of-life status of CSA 4.6, which received its last security patch in September, users still running this version are urged to upgrade as soon as possible.