- CISA and the FBI issue a new warning about old Ivanti flaws
- They say the flaws are being used in coordinated attacks
- The bugs were fixed in September and October 2024, so update now
Security flaws in Ivanti Cloud Service Appliance (CSA) that were discovered and fixed in September and October 2024 are still being used to break into networks, according to a new security advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI.
In the advisory, the two agencies say that malicious actors are chaining four vulnerabilities: two in one chain, CVE-2024-8963 and CVE-2024-8190, and two in another, CVE-2024-9379 and CVE-2024-9380.
“The malicious actors have chained the vulnerabilities listed to obtain initial access, carry out remote code execution (RCE), obtain credentials and set up webshells on victims' networks,” said the two agencies.
Indicators of compromise
All these flaws were exploited as zero-days, and at the time CISA added them to its Known Exploited Vulnerabilities (KEV) catalog, forcing federal agencies to patch them within three weeks. We can therefore reasonably assume that the majority of new victims belong to the private sector.
The agencies once again reiterated their previous calls to upgrade and urged network administrators to be on the lookout for signs of compromise.
“Credentials and sensitive data stored in the Ivanti appliances concerned must be considered compromised,” they added. “Organizations must collect and analyze logs and artifacts looking for malicious activities and apply the recommendations for response to the incidents in this advisory.”
Ivanti is an American software company specializing in IT security, service management, asset management, etc. In 2023, Ivanti employed around 3,070 people and said that more than 40,000 organizations worldwide use its services.
In 2024, Ivanti experienced several cybersecurity incidents, including a January 2024 report indicating that Chinese government hackers used its software to target organizations. One of these groups is tracked as UNC5221 and reportedly compromised thousands of Ivanti VPN devices, with CISA among the victims.
Via Appraiser