Ivanti Reports Exploitation Of Cloud Gateway Vulnerability

The high-severity flaw in Ivanti’s Cloud Service Appliance (CSA) can enable remote code execution on the appliance, the vendor says.

Ivanti said Friday that a previously disclosed vulnerability in its Cloud Service Appliance (CSA) gateway has now seen exploitation by threat actors.

As of Ivanti’s disclosure Friday, attacks exploiting the high-severity flaw had only impacted a “limited number” of CSA customers, the vendor said.


The vulnerability (tracked as CVE-2024-8190) allows a remote attacker with administrator-level privileges on the appliance to execute arbitrary operating-system commands, and affects CSA version 4.6, which is no longer supported by Ivanti.

In effect, that means the issue affects all versions of the appliance prior to patch 519, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which issued an advisory Friday on the vulnerability.

“At this time, Ivanti has confirmed limited exploitation and urges its customers using the affected versions to upgrade to CSA version 5.0,” the cybersecurity agency said in its advisory.

The OS command injection vulnerability was initially disclosed by Ivanti on Tuesday.

“Following public disclosure, Ivanti has confirmed exploitation of this vulnerability in the wild,” the vendor said. “At the time of this update, we are aware of a limited number of customers who have been exploited.”

In a statement provided to CRN Friday, Ivanti said its team is “actively working with affected customers” after observing “limited exploitation” of the vulnerability.

“We urge all customers to upgrade to CSA version 5.0, which does not contain this vulnerability,” the vendor said in the statement.

The vulnerability has received a severity rating of “high,” with a CVSS score of 7.2 out of 10.0.

In its advisory Friday, CISA noted that “a cyber threat actor could exploit this vulnerability to take control of an affected system.”

Ivanti CSA 4.6 is considered “end of life,” meaning that it “no longer receives patches for OS or third-party libraries,” the company said.

“Customers must upgrade to Ivanti CSA 5.0 for continued support,” the company said in its disclosure, noting that CSA 5.0 is the “only supported version” of the appliance.