Vulnerability Management, Patch/Configuration Management

Attacks involving critical Ivanti CSA bugs underway


Ivanti has disclosed that a few vulnerable Ivanti Cloud Service Appliance instances running version 4.6 patch 518 and earlier were compromised in intrusions that exploited three new zero-day flaws in conjunction with the critical path traversal issue tracked as CVE-2024-8963, reports The Hacker News.

The most serious of the newly discovered bugs are a pair of high-severity issues. The first, tracked as CVE-2024-9380, is an operating system command injection flaw that could enable remote code execution, while the second, tracked as CVE-2024-9381, is a path traversal vulnerability that allows threat actors with admin privileges to evade restrictions, according to Ivanti. The medium-severity SQL injection flaw, tracked as CVE-2024-9379, could be leveraged to execute arbitrary SQL statements.

Aside from urging immediate upgrades to Ivanti CSA 5.0.2, organizations with impacted instances have also been advised to look for signs of compromise and to heed endpoint detection and response tool alerts. Ivanti's warning follows the inclusion of a critical flaw in its Endpoint Manager product, tracked as CVE-2024-29824, in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog.
