Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability (CVE-2024-8190)

Description

What is the Vulnerability?

An OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) version 4.6, tracked as CVE-2024-8190, allows an authenticated attacker to remotely execute code. The attacker must have admin-level privileges to exploit it, and successful exploitation could lead to unauthorized access to the device running the CSA. The Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) list on September 13, 2024.

What is the recommended Mitigation?

At this time, Ivanti has confirmed limited exploitation and urges its customers to upgrade to CSA version 5.0 for continued support. Ivanti no longer supports CSA 4.6, which has reached end-of-life. See the vendor advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190

What FortiGuard Coverage is available?

  • FortiGuard Labs recommends that users apply the patches released by the vendor to secure their systems and follow the vendor's system hardening guidelines.

  • The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

  • FortiGuard Labs has IPS protection available, "Ivanti.Cloud.Service.Appliance.datetime.Command.Injection", to detect and block attack attempts targeting the vulnerability (CVE-2024-8190).