- CISA and FBI issue new warning about old Ivanti flaws
- They claim the flaws are being abused in coordinated attacks
- The bugs were patched in September and October 2024, so update now
Security flaws in Ivanti Cloud Service Appliance (CSA) that were discovered and patched in September and October 2024 are still being used to breach networks, a new security advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI has warned.
In the advisory, the two agencies claim threat actors are chaining together four vulnerabilities in two separate chains: CVE-2024-8963 with CVE-2024-8190 in one, and CVE-2024-9379 with CVE-2024-9380 in the other.
“Threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant webshells on victim networks,” the two agencies said.
Compromised credentials
All of these flaws were abused while they were still zero-days, and at the time CISA added them to its Known Exploited Vulnerabilities (KEV) catalog, forcing federal agencies to patch within three weeks. Therefore, it’s safe to assume that the majority of the newer victims are in the private sector.
The agencies have once again called for upgrades, and urged network administrators to be on the lookout for signs of compromise.
“Credentials and sensitive data stored within the affected Ivanti appliances should be considered compromised,” they added. “Organizations should collect and analyze logs and artifacts for malicious activity and apply the incident response recommendations within this advisory.”
Ivanti is an American IT software company, specializing in IT security, service management, asset management, and more. As of 2023, Ivanti employed approximately 3,070 people, and claims more than 40,000 organizations worldwide are using its services.
In 2024, Ivanti experienced several cybersecurity incidents, including a January 2024 report indicating that Chinese government hackers used its software to target organizations. One such group is tracked as UNC5221, and was believed to have compromised thousands of Ivanti VPN devices, with CISA being among the victims.
Via BleepingComputer