What is the Attack?

Attackers are actively exploiting multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance) that could allow an attacker to gain admin access, bypass security measures, run arbitrary SQL commands, and execute code remotely.

The FortiGuard Incident Response (IR) team has been engaged on one of the compromised CSA (Cloud Services Appliance) systems. As the investigation is still ongoing, more details about the campaign will be provided once available.

CVE-2024-9379: SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

CVE-2024-9380: An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

CVE-2024-9381: Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

CVE-2024-8963: Path traversal in Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

What is the recommended Mitigation?

Ivanti has released updates for Ivanti CSA (Cloud Services Appliance) that address these vulnerabilities.

Security Advisory Ivanti CSA (Cloud Services Appliance)

In the advisory, Ivanti mentions that it has observed limited exploitation of CSA 4.6 when CVE-2024-9379 or CVE-2024-9380 are chained with CVE-2024-8963.

What FortiGuard Coverage is available?

FortiGuard recommends users apply the vendor’s fixes as mentioned in the advisory.

FortiGuard Web Filtering service has blocked all the known Indicators of Compromise (IoCs) captured during the IR engagement.

FortiGuard Antivirus service has blocked all the known malware used by the threat actor in the related campaign.

FortiGuard IPS protection is available for CVE-2024-8963 “Ivanti.Cloud.Service.Appliance.datetime.Command.Injection” to defend against attacks targeting vulnerable Ivanti CSA systems.

FortiGuard IPS protection is currently being investigated for CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381.

The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
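To triage an appliance inventory against the fixed-version thresholds quoted in the CVE descriptions above, the following added example (not FortiGuard or Ivanti code) maps each reported CSA version to the CVEs it is still exposed to. The version-string formats ("4.6 Patch 518", "5.0.1") and the host names are assumptions made for illustration.

```python
import re

# Fixed-version thresholds exactly as stated in the CVE descriptions above.
# Assumption: a version is modelled as (major, minor, third), where "third"
# is the 5.x patch level or the number in a 4.6 "Patch NNN" string.
THRESHOLDS = {
    "CVE-2024-9379": (5, 0, 2),
    "CVE-2024-9380": (5, 0, 2),
    "CVE-2024-9381": (5, 0, 2),
    "CVE-2024-8963": (4, 6, 519),
}

_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s+patch\s+(\d+))?\s*$", re.IGNORECASE)

def parse_version(text):
    """Parse '5.0.1' or '4.6 Patch 518' into a comparable tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised CSA version string: {text!r}")
    major, minor, third, patch = m.groups()
    if third is not None and patch is not None:
        raise ValueError(f"ambiguous CSA version string: {text!r}")
    # A bare '4.6' is treated as patch 0, the conservative reading.
    return (int(major), int(minor), int(patch or third or 0))

def exposed_cves(version_text):
    """Return the CVEs whose fixed version is newer than the given one."""
    version = parse_version(version_text)
    return sorted(c for c, fixed in THRESHOLDS.items() if version < fixed)

def triage(inventory):
    """Map host -> list of CVEs, or None when the version needs manual review."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = exposed_cves(version_text)
        except ValueError:
            report[host] = None
    return report

# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE_INVENTORY = {
    "csa-a.example.internal": "4.6 Patch 518",
    "csa-b.example.internal": "4.6 Patch 519",
    "csa-c.example.internal": "5.0.1",
    "csa-d.example.internal": "5.0.2",
    "csa-e.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(host, "MANUAL REVIEW" if cves is None else (cves or "patched"))
```

By the thresholds on this page, an appliance on 4.6 Patch 519 is past the CVE-2024-8963 fix but is still reported for the three CVEs fixed in 5.0.2.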