Critical Security Alert: Vulnerabilities Possibly in Your Network Switches
We have been informed about three zero-day vulnerabilities identified in Ivanti's Connect Secure Appliance (CSA) that are being used in a dangerous attack chain. Hackers are actively abusing these exploits in combination to take over networks and steal data.
Ivanti has acknowledged these zero-days and is offering updates to their Connect Secure Appliance to resolve this issue. The active abuse of these vulnerabilities underscores how important it is for organizations to apply these patches immediately, as we expect this attack chain to be abused for data theft or even ransomware.
QUICK POINTS:
- Vulnerability IDs:
  - CVE-2024-9379 (CVSS score: 6.5) - SQL Injection
  - CVE-2024-9380 (CVSS score: 7.2) - Remote Code Execution
  - CVE-2024-9381 (CVSS score: 7.2) - Path Traversal
  - CVE-2024-8963 (CVSS score: 9.1) - Path Traversal
- Severity: Critical
- Affected Product: Ivanti Connect Secure Appliance (CSA) 5.0.1 and earlier
IMMEDIATE ACTION:
- Update devices accordingly: Ensure any devices that run the Connect Secure Appliance software are up to date with the latest version
- Upgrade End-of-Life (EOL) devices: Because the main devices being exploited are EOL (CSA 4.6 patch 518), admins are strongly advised to upgrade to the latest version, 5.0.2
- Review and monitor: Review appliances and devices for any indicators of compromise, specifically for any modified or newly added admin users