Ivanti has released a security update to address an admin bypass vulnerability (CVE-2024-8963) affecting Ivanti Cloud Services Appliance (CSA) version 4.6. A cyber threat actor could exploit this vulnerability in conjunction with CVE-2024-8190, detailed in a Sept. 13 Ivanti security advisory, to take control of an affected system. This vulnerability impacts all versions prior to patch 519.

Ivanti has confirmed limited exploitation and recommends that users upgrade to CSA version 5.0, as version 4.6 is end-of-life and no longer supported. CISA urges users and administrators to review the Ivanti security advisory and apply the necessary updates.

Note: CISA has added CVE-2024-8963 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.  