![Cloud Appliance Vulnerability](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdyzjGgfvSQnPqXU4PJfrmx3sqRgAJ7DFwfrIBK9MeAfOd-n2kpNSJWRmLGe8DGsQGTr1buw8zmOwA3QByMNON1iEX7mbu49Z0KMpsIyycniRK-YbSx2LnVJnOk9nY-k7lEpcfSYUDmmsnUT3_lm6xh5smYRoH8z-hZOdldgjKxYTALny7XBgWKoxsYRCm/s728-rw-e365/it-admin.png "Cloud Appliance Vulnerability")

Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild.

The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances.

"An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution," Ivanti [noted](https://thehackernews.com/2024/09/ivanti-releases-urgent-security-updates.html) in an advisory released earlier this week. "The attacker must have admin level privileges to exploit this vulnerability."

The flaw impacts Ivanti CSA 4.6, which has currently reached end-of-life status, requiring that customers upgrade to a supported version going forward. That said, it has been addressed in CSA 4.6 Patch 519.

"With the end-of-life status this is the last fix that Ivanti will backport for this version," the Utah-based IT software company added. "Customers must upgrade to Ivanti CSA 5.0 for continued support."

"CSA 5.0 is the only supported version and does not contain this vulnerability. Customers already running Ivanti CSA 5.0 do not need to take any additional action."

On Friday, Ivanti [updated](https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US) its advisory to note that it observed confirmed exploitation of the flaw in the wild targeting a "limited number of customers."

It did not reveal additional specifics related to the attacks or the identity of the threat actors weaponizing it. However, a number of other vulnerabilities in Ivanti products have been exploited as a zero-day by China-nexus cyberespionage groups.

The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to [add](https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-adds-one-known-exploited-vulnerability-catalog) the shortcoming to its Known Exploited Vulnerabilities ([KEV](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)) catalog, requiring federal agencies to apply the fixes by October 4, 2024.

The disclosure also comes as cybersecurity company Horizon3.ai [posted](https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/) a detailed technical analysis of a critical deserialization vulnerability (CVE-2024-29847, CVSS score: 10.0) impacting Endpoint Manager (EPM) that results in remote code execution.
Blog: The Hacker News