ASD’s ACSC launches ACT NOW alert on the new Ivanti CSA 4.6 vulnerability
Ivanti says active exploitation is already being seen, while the ACSC recommends an immediate upgrade.
The Australian Cyber Security Centre (ACSC) of the Australian Signals Directorate (ASD) has issued a CRITICAL ALERT: ACT NOW notice warning of a dangerous vulnerability in Ivanti CSA 4.6, a cloud service appliance.
CVE-2024-8963 allows administrative bypass/path traversal in versions of Ivanti CSA 4.6 before patch 519.
According to Ivanti, the company “is aware of a limited number of customers who have been exploited by this vulnerability.”
Exploitation of the vulnerability could allow unauthenticated threat actors to gain access to restricted features on the affected device.
The vulnerability can also be chained with another CVE.
“If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker can bypass administrator authentication and execute arbitrary commands on the device,” Ivanti said in its September 19 security advisory.
Both Ivanti and ACSC note that Ivanti CSA 4.6 has reached end of life and recommend users upgrade to CSA 5.0 immediately.