Threat Signal Report

Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability

What is the Vulnerability?	An OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) version 4.6 allows an authenticated attacker to remotely execute code. The attacker must have admin level privileges to exploit the vulnerability tagged as CVE-2024-8190 and successful exploitation could lead to unauthorized access to the device running the CSA. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) list on September 13, 2024.
What is the recommended Mitigation?	At this time, Ivanti has confirmed limited exploitation and urges its customers to upgrade to CSA version 5.0 for continued support. Ivanti no longer supports CSA 4.6 which has reached end-of-life. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190
What FortiGuard Coverage is available?	FortiGuard Labs recommends users to apply the patches released by the vendor to secure their systems and follow their system hardening guidelines. The FortiGuard Incident Response team can be engaged to help with any suspected compromise. FortiGuard Labs has available IPS protection: "Ivanti.Cloud.Service.Appliance.datetime.Command.Injection" to detect and block any attack attempts targeting the vulnerability (CVE-2024-8190)

Outbreak Alert

Threat actors chained and exploited multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance). If successful, this could lead an attacker to gain admin access, obtain credentials, bypass security measures, run arbitrary SQL commands, and execute code remotely.

View the full Outbreak Alert Report