InfoSecBulletin Cybersecurity for mankind
Ivanti warned that a recently fixed security flaw in its Cloud Service Appliance (CSA) is being actively exploited. CVE-2024-8190 is a high-severity vulnerability (CVSS score: 7.2) that can enable remote code execution in specific situations.
“An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution,” Ivanti noted in an advisory released earlier this week. “The attacker must have admin level privileges to exploit this vulnerability.”
Chrome 129 Released Fix with multiple Security Flaws
Broadcom fixed RCE bug in VMware vCenter Server
Cybercriminal now misuse Microsoft Azure tool to steal data
Apple warns users to install iOS 18 to Fix 33 iPhone Vulnerabilities
CISA adds windows and whatsUp Gold vuls to its KEV
Petroleum and Fuel Industry
FleetPanda exposes Nearly One Million Documents
DESCO faces cyber attack: Customers Data Breach
Alert! Google Fixes GCP Composer Flaw
CTF in Bangladesh: Unveiling Challenges, Opportunities and remedies
Bitdefender blog post
Medusa target Fortinet flaw (CVE-2023-48788) for Ransomware Attacks
The flaw affects Ivanti CSA 4.6, which is now outdated, so customers must upgrade to a supported version. It has been fixed in CSA 4.6 Patch 519.
“With the end-of-life status this is the last fix that Ivanti will backport for this version,” the Utah-based IT software company added. “Customers must upgrade to Ivanti CSA 5.0 for continued support.”
“CSA 5.0 is the only supported version and does not contain this vulnerability. Customers already running Ivanti CSA 5.0 do not need to take any additional action.”
On Friday, Ivanti reported confirmed exploitation of the flaw affecting a small group of customers.
No new details about the attacks or the identity of the threat actors were provided. However, several Ivanti product vulnerabilities have been exploited as zero-days by Chinese cyberespionage groups.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to implement fixes by October 4, 2024.
Horizon3.ai revealed a serious deserialization vulnerability (CVE-2024-29847, CVSS score: 10.0) in Endpoint Manager (EPM) that allows for remote code execution.
