Tech News

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

By Viral Trending Content 3 Min Read

Dec 11, 2024Ravie LakshmananVulnerability / Network Security

CSA and Connect Secure Vulnerabilities

Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution.

The list of vulnerabilities is as follows –

  • CVE-2024-11639 (CVSS score: 10.0) – An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker to gain administrative access
  • CVE-2024-11772 (CVSS score: 9.1) – A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to achieve remote code execution
  • CVE-2024-11773 (CVSS score: 9.1) – An SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements
  • CVE-2024-11633 (CVSS score: 9.1) – An argument injection vulnerability in Ivanti Connect Secure before version 22.7R2.4 that allows a remote authenticated attacker with admin privileges to achieve remote code execution
  • CVE-2024-11634 (CVSS score: 9.1) – A command injection vulnerability in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 that allows a remote authenticated attacker with admin privileges to achieve remote code execution
  • CVE-2024-8540 (CVSS score: 8.8) – An insecure permissions vulnerability in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 that allows a local authenticated attacker to modify sensitive application components
Cybersecurity

The shortcomings have been addressed in the below versions –

  • Ivanti Cloud Services Application 5.0.3
  • Ivanti Connect Secure 22.7R2.4
  • Ivanti Policy Secure 22.7R1.2
  • Ivanti Sentry 9.20.2, 10.0.2, and 10.1.0

While Ivanti has emphasized that it’s not aware of active exploitation of any of the aforementioned flaws, it’s imperative that users take quick action given that several flaws in its products have been abused by state-sponsored attackers for malicious activities.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

You Might Also Like

Apple AI Pin Specs Leak: Dual Cameras, No Screen & More

The diverse responsibilities of a principal software engineer

OpenAI Backs Bill That Would Limit Liability for AI-Enabled Mass Deaths or Financial Disasters

Google’s Fitbit Tease has me More Excited for Garmin’s Whoop Rival

Why the TCL NXTPAPER 14 Is One of the Best Tablets for Musicians and Sheet Music Reading

TAGGED: , , , , , , ,
Share This Article
Previous Article Federal, state judges rule against Kroger-Albertsons mega grocery merger
Next Article How to file a Fortnite refund claim with the FTC
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

- Advertisement -

Latest News

JPMorgan CEO Jamie Dimon says he’s ‘learned and relearned’ to not make big decisions when he’s tired on Fridays
Business
Apple AI Pin Specs Leak: Dual Cameras, No Screen & More
Tech News
A ‘glass-like’ battlefield: German Army chief on the future of warfare
World News
Polymarket Sees Record $153M Daily Volume After Chainlink Integration
Crypto
Natasha Lyonne Then & Now: See Before & After Photos of the Actress Here
Celebrity
Cult Hit Doki Doki Literature Club Fights Removal From Google Play Store Over ‘Depiction Of Sensitive Themes’
Gaming News
Dead as Disco Launches Into Early Access on May 5th, Groovy New Gameplay Released
Gaming News
Lost your password?