Ivanti has issued critical software updates to address several severe vulnerabilities in its Cloud Services Application (CSA).
These vulnerabilities tracked as CVE-2024-11639, CVE-2024-11772, and CVE-2024-11773, affect CSA versions 5.0.2 and earlier.
Without mitigation, these flaws could allow malicious attackers to bypass authentication, execute remote code, and manipulate databases, posing significant risks to organizations relying on CSA for endpoint management.
CVE-2024-11639: Authentication Bypass
This critical vulnerability has been assigned a CVSS score of 10.0. It allows an unauthenticated attacker to bypass authentication mechanisms in the admin web console of CSA.
Exploiting this flaw grants the attacker full administrative access, potentially enabling them to take complete control of the system. The vulnerability is particularly dangerous because it does not require any prior privileges or user interaction.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
CVE-2024-11772: Command Injection
With a CVSS score of 9.1, this vulnerability impacts administrators who already have elevated privileges on the CSA console.
It allows an attacker to execute arbitrary commands remotely via command injection, potentially leading to remote code execution.
While this flaw requires authenticated access, exploiting it could result in serious damage to system integrity and functionality.
CVE-2024-11773: SQL Injection
This critical vulnerability also rated 9.1 on the CVSS scale, enables attackers with admin privileges to perform SQL injection on the system.
By exploiting this flaw, malicious actors can execute arbitrary SQL queries, which may compromise the confidentiality, integrity, or availability of the system’s databases.
This could result in unauthorized access to sensitive information or disruption of database operations.
Affected Versions
The following table outlines the impacted and resolved versions of CSA:
| Product | Impacted Version(s) | Resolved Version | Patch Availability |
| Ivanti Cloud Services Application | 5.0.2 and earlier | 5.0.3 | Available on the Ivanti Download Portal |
Ivanti strongly advises all customers using CSA 5.0.2 or earlier to upgrade to version 5.0.3 immediately.
The patched version is available for download from the Ivanti Download Portal. Customers can refer to the documentation titled “Get Started with the Ivanti Cloud Service Application 5.0 for Endpoint Manager” for detailed instructions on the upgrade process.
Ivanti stated that, as of the disclosure date, there is no known evidence that these vulnerabilities have been exploited in the wild.
However, given the critical nature of CVE-2024-11639, which allows unauthenticated administrative access, the potential for exploitation remains high.
Organizations should prioritize this update to safeguard their systems and prevent potential unauthorized access or data breaches.
These vulnerabilities underscore the importance of timely patch management and proactive security measures.
Ivanti’s quick response in addressing these issues highlights its commitment to protecting customers. Users are urged to act immediately to ensure their systems remain secure.
Investigate Real-World Malicious Links,Malware & Phishing Attacks With ANY.RUN - Try for Free
As California grapples with devastating wildfires, communities are rallying to protect lives and property. Unfortunately,…
AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August 2024…
Botnets are the networks of compromised devices that have evolved significantly since the internet's inception.…
The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to develop…
A significant cybersecurity threat has emerged, threatening the integrity of thousands of PHP-based web applications.…
A significant security vulnerability has been identified in the W3 Total Cache plugin for WordPress,…