Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Vulnerabilities in Ivanti's Cloud Services Appliance
Alerts

Active Exploitation of Vulnerabilities in Ivanti's Cloud Services Appliance

15 October 2024

Ivanti has released security updates addressing multiple vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) affecting their Cloud Services Appliance (CSA). The vulnerabilities are reportedly being actively exploited.

The vulnerabilities are:

• CVE-2024-9379: Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker with administrative privileges to run arbitrary SQL statements.

• CVE-2024-9380: Successful exploitation of the OS command injection vulnerability could allow a remote authenticated attacker with administrative privileges to perform remote code execution. 

• CVE-2024-9381: Successful exploitation of the path traversal vulnerability could allow a remote authenticated attacker with administrative privileges to bypass restrictions. 

The aforementioned vulnerabilities can be chained with an earlier disclosed vulnerability CVE-2024-8963 to bypass admin authentication and perform remote code execution on vulnerable appliances. Read more about the vulnerability here.

These vulnerabilities affect Ivanti CSA versions 5.0.1 and prior.

Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381?language=en_US

https://nvd.nist.gov/vuln/detail/CVE-2024-9379

https://nvd.nist.gov/vuln/detail/CVE-2024-9380

https://nvd.nist.gov/vuln/detail/CVE-2024-9381

Back to top