Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances


Threat actors have been actively exploiting chained vulnerabilities in Ivanti Cloud Service Appliances (CSA), significantly amplifying the impact of their cyber-attacks.

The vulnerabilities—CVE-2024-8963, CVE-2024-9379, CVE-2024-8190 and CVE-2024-9380—were leveraged in September 2024 to breach systems, execute remote code (RCE), steal credentials and deploy webshells on victim networks.

Exploiting Chained Vulnerabilities

According to a joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), attackers used two distinct exploit chains to achieve their objectives:

  • The first chain combined CVE-2024-8963, an administrative bypass vulnerability, with CVE-2024-8190 and CVE-2024-9380, both RCE vulnerabilities

  • The second chain exploited CVE-2024-8963 alongside CVE-2024-9379, a SQL injection vulnerability

“CISA, and the use of trusted third-party incident response data, found that threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials and implant webshells on victim networks,” the agency wrote.

The advisory underscores how this chaining technique makes the attacks more dangerous and difficult to defend against.

Mitigation and Recommendations

To address the threat, CISA and the FBI strongly recommended that organizations using Ivanti CSA immediately:

  • Upgrade to the latest supported version to patch known vulnerabilities

  • Monitor for indicators of compromise (IOCs) provided in the advisory

  • Treat any credentials stored on compromised systems as potentially exposed

“CISA and FBI strongly encourage network administrators and defenders to upgrade to the latest supported version of Ivanti CSA and to hunt for malicious activity on their networks using the detection methods and indicators of compromise (IOCs) provided in the advisory,” the agencies added.

It’s especially critical to note that Ivanti CSA version 4.6 has reached end-of-life and no longer receives security updates, leaving it highly vulnerable to exploitation. Administrators are urged to prioritize replacing unsupported versions to ensure protection against emerging threats.

CISA also advised implementing security measures such as multifactor authentication, timely patching and endpoint monitoring to strengthen defenses.
