A new vulnerability known as CVE-2024-8190 is affecting Ivanti Cloud Services Appliance (CSA) and is being actively exploited. This OS command injection vulnerability allows a remote, authenticated attacker to execute arbitrary commands on the system. Review the details in this Cybersecurity Threat Advisory to limit its impact.
What is the threat?
The flaw has a CVSS score of 7.2 and resides in Ivanti CSA version 4.6, which has reached End-of-Life (EOL) but remains widely used. Attackers with admin privileges can leverage this vulnerability to inject malicious operating system commands, which then run with the same privileges as the CSA host machine.
Why is it noteworthy?
Exploitation in the wild has already been reported. If the vulnerability is successfully exploited, the attacker could achieve remote code execution (RCE) and potentially gain full control of the affected device. This could lead to data theft, disruption of services, and other serious consequences.
What is the exposure or risk?
The vulnerability allows attackers to compromise systems entirely if they can authenticate remotely. This can lead to data breaches, lateral movement within networks, and escalation to other connected systems.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of this command injection vulnerability:
- Upgrade to Ivanti CSA version 5.0.
- Apply patch 519 to mitigate the vulnerability in version 4.6 if an upgrade to version 5.0 is not immediately feasible.
- Ensure automatic updates are enabled to stay protected from future vulnerabilities.
- Monitor your system logs and configurations for signs of compromise.
- Implement strong access controls for the CSA appliance, including requiring strong passwords and multi-factor authentication.
Reference
For more in-depth information about the recommendations, please visit the following link:
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.