Ivanti has released a security update to address an admin bypass vulnerability (CVE-2024-8963) affecting Ivanti Cloud Services Appliance (CSA) version 4.6. A cyber threat actor could exploit this vulnerability in conjunction with CVE-2024-8190–detailed in a Sept. 13 Ivanti security advisory–to take control of an affected system. This vulnerability impacts all versions prior to patch 519.
Ivanti has confirmed limited exploitation and recommends that users upgrade to CSA version 5.0, as version 4.6 is end-of-life and no longer supported. CISA urges users and administrators review the Ivanti security advisory and apply the necessary updates.
Note: CISA has added CVE-2024-8963 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of…
CISA, through the Joint Cyber Defense Collaborative (JCDC), enabled swift, coordinated response and information sharing…
CISA released three Industrial Control Systems (ICS) advisories on October 29, 2024. These advisories provide…
CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors,…
CISA released four Industrial Control Systems (ICS) advisories on October 31, 2024. These advisories provide…
This website uses cookies.