Patch now! Attackers attack Ivanti Cloud Service Appliance
Attackers are currently attacking Ivanti Cloud Service Appliances with malicious code. For this to work, however, the conditions must be right.
(Image: solarseven/Shutterstock.com)
Network admins should update their Cloud Service Appliances (CSA) from Ivanti as soon as possible. The manufacturer is currently warning of observed attacks. However, attacks are not possible without further ado. Security updates are available for download.
The Ivanti Internet appliance manages the Internet access of devices and is designed to ensure secure communication.
Malicious code loophole
In an updated warning message, Ivanti writes of attacks on a "limited" number of customers. They do not currently provide specific figures. To detect attacks that have already occurred, admins should keep an eye out for modified or new admin accounts.
The vulnerability (CVE-2024-8190"high") has been known since last week. The US Cybersecurity & Infrastructure Security Agency (CISA) has now also included the vulnerability in its catalog of exploited vulnerabilities.
Security update
In order for remote attackers to exploit the vulnerability, they must already have admin rights. If this is the case, they can execute malicious code and compromise appliances.
The developers state that all versions up to and including CSA 4.6 are at risk. The versions CSA 4.6 Patch 519 or CSA 5.0 provide a remedy. Ivanti would like to point out that support for CSA 4.6 has expired and that this patch is the last security update. An upgrade to CAS 5.0 will be due in the future.
Ivanti explains that admins who use CSA with a dual-homed configuration with ETH-0 as the internal network are exposed to a significantly lower risk of attack. The manufacturer recommends this configuration as standard to protect appliances.
(des)
