Horizon3.ai Chief Attack Engineer Zach Hanley has just published “CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability”
Ivanti’s advisory reads: Ivanti has released a security update for Ivanti CSA 4.6 which addresses a high severity vulnerability. Successful exploitation could lead to unauthorized access to the device running the CSA. Dual-homed CSA configurations with ETH-0 as an internal network, as recommended by Ivanti, are at a significantly reduced risk of exploitation.
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
Zach said: “The description definitely sounds like it may have the opportunity for accidental exposure given the details around misconfigurations of the external versus internal interfaces.”
His investigation details how, putting together the pieces, Zach and team achieved a command injection exploit, and looks at Ivanti’s configuration guidance for insight into how some of their clients were being exploited in the wild. Zach’s post also includes indicators of compromise.
Links:
CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection/
Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190): https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
CISA KEV – Ivanti Cloud Services Appliance OS Command Injection Vulnerability: https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-adds-one-known-exploited-vulnerability-catalog
Like this:
Like Loading...
Related
This entry was posted on September 16, 2024 at 12:22 pm and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Horizon3.ai Publishes Details On An Ivanti Cloud Services Appliance Vulnerability
Horizon3.ai Chief Attack Engineer Zach Hanley has just published “CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability”
Ivanti’s advisory reads: Ivanti has released a security update for Ivanti CSA 4.6 which addresses a high severity vulnerability. Successful exploitation could lead to unauthorized access to the device running the CSA. Dual-homed CSA configurations with ETH-0 as an internal network, as recommended by Ivanti, are at a significantly reduced risk of exploitation.
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
Zach said: “The description definitely sounds like it may have the opportunity for accidental exposure given the details around misconfigurations of the external versus internal interfaces.”
His investigation details how, putting together the pieces, Zach and team achieved a command injection exploit, and looks at Ivanti’s configuration guidance for insight into how some of their clients were being exploited in the wild. Zach’s post also includes indicators of compromise.
Links:
CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability: https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection/
Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190): https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
CISA KEV – Ivanti Cloud Services Appliance OS Command Injection Vulnerability: https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-adds-one-known-exploited-vulnerability-catalog
Share this:
Like this:
Related
This entry was posted on September 16, 2024 at 12:22 pm and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.