Latest Ivanti Cloud Services Appliance Vulnerabilities (CVE-2024-11639, CVE-2024-11772, and CVE-2024-11773) #
Ivanti has issued an advisory disclosing multiple vulnerabilities in their Cloud Services Appliance product versions 5.0.2 and earlier:
- CVE-2024-11639 is rated highly critical with a CVSS score of 10.0, the highest possible score. Successful exploitation of this vulnerability would allow an attacker to bypass authentication checks and gain administrative privileges on a vulnerable system.
- CVE-2024-11772 is rated critical with a CVSS score of 9.1. Successful exploitation of this vulnerability would allow an attacker with administrative privileges to execute arbitrary code on the vulnerable system.
- CVE-2024-11773 is rated critical with a CVSS score of 9.1. Successful exploitation of this vulnerability would allow an attacker with administrative privileges to execute arbitrary code on the vulnerable system.
What is the impact? #
Successful exploitation of CVE-2024-11639 would allow an attacker to gain administrative privileges on the vulnerable system, allowing them to modify and alter configuration for the Cloud Services Appliance.
CVE-2024-11772 or CVE-2024-11773 can be combined with CVE-2024-11639 in an exploit chain that would allow a remote, unauthenticated attacker to execute arbitrary code on the system with administrative privileges, leading to potentially complete system compromise.
Are updates or workarounds available? #
Ivanti has released an update that addresses these issues and urges all customers to update as quickly as possible.
How to find potentially vulnerable systems with runZero #
From the Services Inventory, use the following query to locate systems running potentially vulnerable software:
protocol:http and html.title:="Ivanti(R) Cloud Services Appliance"September 19, 2024 (CVE-2024-8963) #
Ivanti has issued an advisory for a path traversal vulnerability discovered in their Cloud Services Appliance product.
What is the impact? #
Successful exploitation of this vulnerability would allow an unauthenticated attacker "access to restricted functionality". When combined with the vulnerability disclosed last week, an attacker could "bypass admin authentication and execute arbitrary code on the appliance".
CVE-2024-8963 is rated critical with a CVSS score of 9.4.
Note that the vendor has indicated that there is evidence that this vulnerability is being exploited in the wild.
Are updates or workarounds available? #
Ivanti has indicated that the affected version of the product, version 4.6, is End-of-Life (EOL). According to Ivanti, updates or security patches will not be made available. Customers are urged to upgrade to version 5.0.
How to find potentially vulnerable systems with runZero #
From the Services Inventory, use the following query to locate systems running potentially vulnerable software:
protocol:http and html.title:="Ivanti(R) Cloud Services Appliance"September 10, 2024 (CVE-2024-8190) #
Ivanti has issued an advisory for their Cloud Services Appliance product. Successful exploitation of this vulnerability would allow an attacker to execute arbitrary commands on the underlying operating system. Note that the attacker must be authenticated with Ivanti application administrator privileges to exploit this vulnerability.
CVE-2024-8190 is rated high with a CVSS score of 7.2.
Note that the vendor has indicated that there is evidence this vulnerability is being exploited in the wild.
Are updates or workarounds available? #
Ivanti has issued a patch for this vulnerability. Note that the affected version of the product, version 4.6, is considered end-of-life. Ivanti has indicated that no further updates or security patches will be provided for version 4.6 of this product and urges customers to upgrade to version 5.0.
How to find potentially vulnerable systems with runZero #
From the Services Inventory, use the following query to locate systems running potentially vulnerable software:
protocol:http and html.title:="Ivanti(R) Cloud Services Appliance"
