Ivanti disclosed that vulnerable Ivanti Cloud Service Appliance (CSA) instances, including versions 4.6 patch 518 and earlier, have been compromised in intrusions involving the exploitation of three new zero-day flaws. The flaws were exploited in conjunction with the critical path traversal issue tracked as CVE-2024-8963, reports The Hacker News.
The most serious of the newly discovered bugs are a pair of high-severity issues. The first, tracked as CVE-2024-9380, is an operating system command injection flaw that could enable remote code execution. The second, tracked as CVE-2024-9381, is a path traversal vulnerability that allows threat actors with admin privileges to bypass restrictions, according to Ivanti.
The medium-severity SQL injection flaw, tracked as CVE-2024-9379, could be leveraged to execute arbitrary SQL statements. In addition to urging immediate upgrades to Ivanti CSA 5.0.2, Ivanti said organizations with impacted instances should examine indicators and symptoms of compromise and be mindful of endpoint detection and response (EDR) tool alerts.
Ivanti's warning follows the inclusion of a critical flaw in its Endpoint Manager product, tracked as CVE-2024-29824, in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog.