Ivanti has issued an urgent security advisory for a critical authentication bypass vulnerability (CVE-2024-11639) in its Cloud Services Appliance (CSA). The flaw, discovered by CrowdStrike's Advanced Research Team, allows a remote, unauthenticated attacker to gain administrative access to appliances running CSA 5.0.2 or earlier.
Key Points:
– Severity: Critical (maximum CVSS score of 10.0)
– Affected Versions: CSA 5.0.2 and earlier
– Solution: Upgrade to CSA 5.0.3
– Current Status: At the time of disclosure, Ivanti was not aware of exploitation in the wild; note that earlier CSA flaws in this series were exploited within days of disclosure, so the upgrade should not be deferred
Recent Security Timeline (CSA):
September 2024:
– CVE-2024-8190 (OS Command Injection leading to Remote Code Execution)
– CVE-2024-8963 (Path Traversal enabling Admin Authentication Bypass)
October 2024:
– CVE-2024-9379 (SQL Injection)
– CVE-2024-9380 (OS Command Injection)
– CVE-2024-9381 (Path Traversal)
Both CVE-2024-8190 and CVE-2024-8963 were confirmed exploited in the wild, chained together to obtain unauthenticated code execution on exposed appliances.
Additional Updates:
In the same release, Ivanti also published patches for security vulnerabilities in several other products:
– Desktop and Server Management (DSM)
– Connect Secure and Policy Secure
– Sentry
– Patch SDK
Impact:
With over 40,000 organizations using Ivanti's products for system and IT asset management, and CSA typically deployed as an internet-facing appliance, administrators should upgrade to CSA 5.0.3 promptly and review the appliance for signs of prior compromise. Following earlier zero-day exploitation of its VPN appliances and gateway products, Ivanti states that it has strengthened its internal testing and vulnerability disclosure processes to find and fix flaws more quickly.