Three vulnerabilities have been identified in Ivanti Cloud Services Application (CSA), all in the admin web console: an authentication bypass that gives unauthenticated access to the console (CVE-2024-11639), a command injection (CVE-2024-11772) and a SQL injection (CVE-2024-11773). Their CVSSv3.1 scores range from 9.1 to 10.0 out of 10.
Description:
The recently patched trio are all rated critical and all affect the admin web console of CSA. The most severe, CVE-2024-11639, allows a remote, unauthenticated attacker to bypass authentication entirely, with no user interaction, and sign in with full administrator privileges, which earns it the maximum CVSS score of 10.0. The command injection (CVE-2024-11772) and the SQL injection (CVE-2024-11773) are rated 9.1 because, taken on their own, they require an authenticated administrator; chained with the authentication bypass that precondition disappears, so the three should be treated together as an unauthenticated remote code execution path against the appliance.
Ivanti states that it is not aware of any exploitation of these vulnerabilities at the time of disclosure. Even so, attackers are very likely already working on exploits, above all for the authentication bypass, because it needs neither credentials nor user interaction and yields full administrative control of an appliance that is normally reachable from the internet. We therefore strongly encourage prompt upgrading.
Affected Versions:
Ivanti Cloud Services Application (CSA) versions 5.0.2 and earlier are affected.
Recommendations:
- Promptly upgrade Ivanti CSA installations to version 5.0.3 or later. Until the upgrade is done, do not expose the admin web console to the internet; restrict it to a trusted management network.
- Review admin-console and appliance logs for successful administrator logins, account or configuration changes, and outbound connections that no administrator can account for. An authentication bypass produces no failed-login noise, so look for successful sessions from unexpected source addresses rather than for brute-force patterns.
- If unauthorized access is suspected, treat the appliance as compromised: rotate credentials and secrets stored on it or passing through it, and rebuild from a clean image rather than patching in place.
- Track Ivanti security advisories and apply future CSA updates promptly, enabling automatic updates wherever the deployment allows it.
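The following is an added triage helper for the two actionable recommendations above (find unpatched appliances, then look for successful admin-console sessions from unexpected sources). It is example code written for this page, not Ivanti's code. Its assumptions are labelled in the comments: CSA versions are compared as dotted integer tuples against the fixed version 5.0.3; the sample log lines are constructed for the example in the common "combined" web-access-log shape, which is an assumption about how the appliance records admin-console requests; and the `/admin` path prefix and the `allowed_nets` management range are hypothetical values you would replace with your own.

```python
"""Triage helper for the Ivanti CSA advisory above (added example, not Ivanti's code)."""
import ipaddress
import re

# Assumption: the first fixed release is 5.0.3, as stated in the advisory.
FIXED_VERSION = (5, 0, 3)


def parse_version(version: str) -> tuple:
    """Turn "5.0.2" into (5, 0, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable(version: str) -> bool:
    """True for any CSA version below 5.0.3.

    Comparing tuples, not strings, matters: as strings "5.0.10" < "5.0.3",
    which would wrongly flag a future patched build as vulnerable.
    """
    return parse_version(version) < FIXED_VERSION


def vulnerable_hosts(inventory: dict) -> list:
    """Return the hostnames from a {host: version} inventory that still need the upgrade."""
    return sorted(host for host, version in inventory.items() if is_vulnerable(version))


# Assumed log shape: combined access-log format. Adjust the pattern to the real appliance logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def suspicious_admin_hits(lines, allowed_nets, admin_prefix="/admin"):
    """Return successful admin-console requests from outside the trusted management networks.

    The authentication bypass leaves no failed logins behind, so the filter keeps only
    2xx/3xx responses (a successful page load or the redirect after login) and discards
    401/403 noise. `admin_prefix` is a hypothetical path; use the console's real one.
    """
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than crash on unrelated output
        if not m["path"].startswith(admin_prefix):
            continue
        if m["status"][0] not in ("2", "3"):
            continue  # rejected request: not evidence of a bypass
        src = ipaddress.ip_address(m["ip"])
        if any(src in net for net in nets):
            continue  # trusted management network
        hits.append((m["ip"], m["ts"], m["method"], m["path"], m["status"]))
    return hits


# Constructed sample data (not real appliance output). 10.0.0.0/8 plays the management network.
SAMPLE_INVENTORY = {"csa-01": "5.0.2", "csa-02": "5.0.3", "csa-03": "4.6", "csa-04": "5.0.10"}
SAMPLE_LOG = [
    '10.0.5.20 - - [11/Dec/2024:10:02:11 +0000] "GET /admin/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [11/Dec/2024:10:05:43 +0000] "POST /admin/login HTTP/1.1" 302 0',
    '198.51.100.7 - - [11/Dec/2024:10:05:44 +0000] "GET /admin/ HTTP/1.1" 200 9000',
    '203.0.113.9 - - [11/Dec/2024:10:07:00 +0000] "GET /admin/ HTTP/1.1" 401 0',
    '203.0.113.9 - - [11/Dec/2024:10:07:05 +0000] "GET /index.html HTTP/1.1" 200 100',
    'kernel: eth0: link up',
]


if __name__ == "__main__":
    print("needs upgrade:", vulnerable_hosts(SAMPLE_INVENTORY))
    for hit in suspicious_admin_hits(SAMPLE_LOG, ["10.0.0.0/8"]):
        print("review:", hit)
```

On the constructed sample, `vulnerable_hosts` reports `csa-01` and `csa-03`, and the log scan returns only the two successful requests from 198.51.100.7: the 401 from 203.0.113.9 is dropped because a rejected request is not evidence of a bypass, and the 10.0.5.20 hit is dropped as management-network traffic.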