The Cybersecurity & Infrastructure Security Agency (CISA) is warning of a high-severity vulnerability in Ivanti Cloud Services Appliance (CSA) that is being actively exploited.
Ivanti has released a security advisory for CSA 4.6 to address a high-severity vulnerability, tracked as CVE-2024-8190, that could give attackers unauthorized access to devices running a CSA. Ivanti describes it as follows:
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
To make matters worse, CSA 4.6 is End-of-Life (EOL), limiting availability of future updates. Ivanti's advisory states:
Please note: Ivanti CSA 4.6 is End-of-Life, and no longer receives patches for OS or third-party libraries. Additionally, with the end-of-life status this is the last fix that Ivanti will backport for this version. Customers must upgrade to Ivanti CSA 5.0 for continued support. CSA 5.0 is the only supported version and does not contain this vulnerability. Customers already running Ivanti CSA 5.0 do not need to take any additional action.
CISA is now alerting agencies to the vulnerability, instructing them to immediately take measures to mitigate the risk.
CISA recommends users and administrators review CISA and FBI’s joint guidance on eliminating OS command injections and the Ivanti security advisory and apply the recommended updates.
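To make the vulnerability class concrete, the following is an added illustration of the OS command injection pattern (CWE-78) that the Ivanti advisory and the CISA/FBI guidance refer to. It is not Ivanti's code and says nothing about how CSA is implemented: it uses a hypothetical management endpoint that wraps a host utility, with `echo` standing in for whatever the real utility would be, and a made-up `host` parameter controlled by an authenticated administrator. The vulnerable form hands a concatenated string to `/bin/sh`; the hardened form validates the value against an allowlist and passes an argv list so no shell ever parses it.

```python
import re
import subprocess

# Constructed example (not Ivanti's code): a management endpoint that runs a
# host utility on an admin-supplied value. `echo` is a stand-in for the real
# utility so the example runs anywhere; the injection mechanics are identical.

# Allowlist for a hostname or dotted IPv4 address: letters, digits, '-', '.'.
# Shell metacharacters (; | & $ ` space, quotes, newlines) can never match.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def is_valid_hostname(host: str) -> bool:
    """Positive validation: accept only values that look like a hostname/IPv4."""
    return bool(HOSTNAME_RE.match(host))


def run_vulnerable(host: str) -> str:
    """Vulnerable pattern: user input concatenated into a shell command string.

    With shell=True the string is parsed by /bin/sh, so a value such as
    '127.0.0.1; echo INJECTED' runs a second command with the privileges of
    the service that invoked it. 'Authenticated admin only' does not help
    once the admin interface itself is the attack surface.
    """
    cmd = "echo pinging " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_hardened(host: str) -> str:
    """Hardened pattern: allowlist the value, then exec without a shell.

    The argv list goes straight to execve(); nothing interprets ';' or '|'.
    Rejected input raises instead of executing anything.
    """
    if not is_valid_hostname(host):
        raise ValueError(f"rejected host value: {host!r}")
    result = subprocess.run(
        ["echo", "pinging", host], shell=False, capture_output=True, text=True
    )
    return result.stdout


def hardened_rejects(host: str) -> bool:
    """Helper for checking behaviour: True if the hardened path refuses `host`."""
    try:
        run_hardened(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"
    print("vulnerable output:\n" + run_vulnerable(payload))
    print("hardened rejects payload:", hardened_rejects(payload))
    print("hardened output:\n" + run_hardened("127.0.0.1"))
```

Running it shows the vulnerable path emitting a second line produced by the injected command, while the hardened path refuses the same payload and, for a well-formed host, passes it to the utility as a single literal argument. The argv form is the important half: validation alone is bypassable the moment the allowlist is loosened, whereas with no shell in the path there is nothing for metacharacters to act on.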
Note: CISA has added CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.
Because Ivanti CSA 4.6 is EOL, however, CISA is recommending that agencies take the additional step of replacing it, since it will not receive future security updates.
Action: As Ivanti CSA 4.6 has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the supported 5.0.x line, as vulnerabilities found in the 4.6.x version of CSA from now on are unlikely to receive security updates.