Critical Flaws Found in Ivanti Products: Urgent Patching Needed
Ivanti, a prominent provider of endpoint management and security solutions, has recently released critical security updates to address multiple vulnerabilities found in its Cloud Services Application (CSA), Connect Secure, and Sentry products. These flaws, which could enable privilege escalation and code execution, pose a serious risk to organizations relying on these applications.
Vulnerability Details:
The vulnerabilities collectively detailed in the Ivanti advisories include:
- Authentication Bypass: CVE-2024-11639 in Ivanti CSA allows unauthenticated remote attackers to gain administrative access.
- Command Execution: CVE-2024-11772 and CVE-2024-11634 in Ivanti CSA and Connect Secure respectively, allow attackers to run arbitrary code remotely if granted admin privileges.
- SQL Injection: CVE-2024-11773 in Ivanti CSA allows attackers with admin privileges to execute malicious SQL queries.
- Insecure Permissions: CVE-2024-8540 in Ivanti Sentry allows local users with valid credentials to modify sensitive application components.
Affected Products And Patches:
Ivanti has released updated versions of affected products to address these vulnerabilities. Users are strongly urged to upgrade to the following versions as soon as possible:
- Ivanti Cloud Services Application: 5.0.3
- Ivanti Connect Secure: 22.7R2.4
- Ivanti Policy Secure: 22.7R1.2
- Ivanti Sentry: 9.20.2, 10.0.2, and 10.1.0
Prioritizing Patching:
While Ivanti has stated that it is not aware of any active exploitation of these vulnerabilities, history suggests that critical flaws often become targets for malicious actors. Remember, Ivanti products have been previously exploited by state-sponsored attackers, making immediate patching of paramount importance.
Urgent Action Required:
Users of Ivanti CSA, Connect Secure, Policy Secure, and Sentry are strongly advised to prioritize these security updates and apply them without delay. Failing to do so leaves your systems vulnerable to potentially devastating attacks.
Stay Informed:
For the most up-to-date information on security threats and vulnerabilities, visit our website or follow us on Twitter and LinkedIn. Your security is our priority.
