Dec 11, 2024 | Ravie Lakshmanan | Vulnerability / Network Security
Ivanti has released security updates to address multiple vulnerabilities in its Cloud Services Application (CSA) and Connect Secure products that could lead to high-risk, critical code execution attacks. The list of vulnerabilities is as follows –

CVE-2024-11639 (CVSS score: 10.0) – An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote attacker to gain administrative access

CVE-2024-11772 (CVSS score: 9.1) – A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to achieve remote code execution

CVE-2024-11773 (CVSS score: 9.1) – A SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker to run arbitrary SQL statements

CVE-2024-11633 (CVSS score: 9.1) – An injection vulnerability in Ivanti Connect Secure before version 22.7R2.4 that allows a remote attacker with admin privileges to execute …

CVE-2024-11634 (CVSS score: 9.1) – A command injection vulnerability in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 that allows a remote authenticated attacker with admin privileges to achieve remote code execution

CVE-2024-8540 (CVSS score: 8.8) – An insecure permissions vulnerability in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 that allows a local authenticated attacker to modify the application's sensitive data
The bugs have been addressed in the versions below –

Ivanti Cloud Services Application 5.0.3
Ivanti Connect Secure 22.7R2.4
Ivanti Policy Secure 22.7R1.2
Ivanti Sentry 9.20.2, 10.0.2, and 10.1.0

While Ivanti emphasized that it is not aware of any of the flaws mentioned above being exploited in the wild, it is important for users to take immediate action, given that several flaws in its products have been exploited by malicious and government-backed actors in damaging attacks.