InfoSecBulletin Cybersecurity for mankind
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory to highlight the active exploitation of severe vulnerabilities in Ivanti Cloud Service Appliances (CSA). The vulnerabilities—CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380—were targeted by threat actors in September 2024, leading to compromises of victim networks.
The vulnerabilities being exploited include:
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
SSL.com’s domain validation system’s bug found: Hacker exploited
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Hackers Exploit Zoom’s Remote Control Feature for System Access
Registration open for ‘𝐔𝐀𝐏 𝐂𝐘𝐁𝐄𝐑 𝐒𝐈𝐄𝐆𝐄 𝟐𝟎𝟐𝟓’
Samsung phone is saving your passwords in plain text
CVE-2024-8963: An administrative bypass vulnerability (Path Traversal) that allows unauthorized access to restricted features of the appliance.
CVE-2024-8190: An OS command injection vulnerability enabling threat actors to authenticate remotely and execute arbitrary commands.
CVE-2024-9379: A SQL injection vulnerability permitting attackers with administrative privileges to run malicious SQL statements.
CVE-2024-9380: A command injection vulnerability allowing remote code execution (RCE) when exploited by attackers with admin privileges.
Affected Versions:
Vulnerabilities CVE-2024-8963, CVE-2024-8190, and CVE-2024-9380 impact Ivanti CSA 4.6x versions prior to build 519.CVE-2024-9379 and CVE-2024-9380 additionally affect CSA versions 5.0.1 and below.
It’s important to note that Ivanti CSA 4.6 has reached its end-of-life (EOL) and no longer receives security patches or updates. Users of version 4.6 are strongly encouraged to upgrade to a supported version to reduce these security risks.
CISA and FBI recommend upgrading to the latest supported Ivanti CSA version, deploying Endpoint Detection and Response (EDR) solutions, logging network activity to spot suspicious behavior, and ensuring regular patching of operating systems, software, and firmware within 24-48 hours of vulnerability disclosures.
