Ivanti has released a security update addressing an OS command injection vulnerability (CVE-2024-8190) affecting Ivanti Cloud Services Appliance (CSA) 4.6 (all versions before patch 519). A cyber threat actor could exploit this vulnerability to take control of an affected system. Â

At this time, Ivanti has confirmed limited exploitation and urges its customers using the affected versions to upgrade to CSA version 5.0. Ivanti no longer supports CSA 4.6 (end-of-life).Â

CISA recommends users and administrators review the Ivanti security advisory and apply the recommended updates.Â

Note: CISA has added CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.Â

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Fake Lawsuit Threat Exposes Privnote Phishing Sites

April 4, 2024 0 Comments 0 tags

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software

Read More

Espionage with a Drone

June 6, 2024 0 Comments 0 tags

The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone.

Read More

Friday Squid Blogging: Squid Cartoon

June 14, 2024 0 Comments 0 tags

Squid humor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Read More