1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Ivanti warns it has found another major security flaw in its syst

    From TechnologyDaily@1337:1/100 to All on Wednesday, December 11, 2024 14:45:04
    Ivanti warns it has found another major security flaw in its systems

    Date:
    Wed, 11 Dec 2024 14:36:00 +0000

    Description:
    The company urges users to upgrade to the latest version immediately.

    FULL STORY ======================================================================Ivanti finds 10/10 flaw in the Cloud Services Appliance It allows hackers to gain administrative privileges The bug was fixed in version 5.0.3, with users
    urged to update now

    Ivanti is warning customers an older version of its Cloud Services Appliance (CSA) solution was found vulnerable to a maximum-severity (10/10) security vulnerability, and has urged them to upgrade to the newest version as soon as possible.

    The critical flaw is described as an authentication bypass in the admin web console version CSA 5.0.2, and could allow remote, unauthenticated attackers to gain administrative privileges.

    The bug, tracked as CVE-2024-11639, was given the maximum severity score
    since it does not require any user interaction to be abused, whatsoever.

    To address the flaw, users should upgrade their appliances to version 5.0.3 - but fortunately there is still no evidence of abuse in the wild. No evidence of abuse - yet

    "We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program," Ivanti noted, adding that a PoC was not yet published anywhere. "Currently, there is no known public exploitation of
    these vulnerabilities that could be used to provide a list of indicators of compromise."

    If history is any teacher, though, critical CSA vulnerabilities end up
    getting exploited sooner or later.

    In late September 2024, it was reported that a critical path traversal vulnerability in CSA was being actively exploited in the wild to grant access to restricted product functionalities. The bug was even added to CISAs Known Exploited Vulnerabilities (KEV) catalog. It was fixed with version 5.0.

    Ivanti CSA is a platform that provides cloud-based solutions for security, automation, and operations. It integrates Ivantis various IT management capabilities into an all-encompassing cloud environment. The appliance allows businesses to streamline their IT operations, offering features such as endpoint management, patch management, software distribution, and vulnerability scanning in a cloud-based architecture.

    Via BleepingComputer You might also like Critical Ivanti Cloud Service Appliance flaw exploited in the wild Here's a list of the best antivirus
    These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/ivanti-warns-it-has-found-another-major -security-flaw-in-its-systems


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)