Ivanti CSA Path Traversal (CVE-2024-8963/CVE-2024-8190)
Description
Ivanti Cloud Services Appliance (CSA) contains a critical path traversal vulnerability (CVE-2024-8963) that allows unauthenticated remote attackers to bypass authentication and access restricted administrative functionality. This vulnerability can be chained with a separate remote code execution vulnerability (CVE-2024-8190) to achieve full system compromise. These vulnerabilities have been actively exploited in the wild by suspected nation-state actors.
Remediation
Apply the following remediation steps immediately based on your CSA version:
1. For Ivanti CSA 4.6: Upgrade to CSA 4.6 Patch 519 or later as soon as possible.
2. For Ivanti CSA 5.0: This version is End of Life (EOL) and no patches are available. Migrate to CSA 4.6 Patch 519 or later immediately.
3. Verify patching: After applying updates, confirm the patch version through the CSA administrative interface.
4. Incident response: Review system logs for indicators of compromise, as these vulnerabilities have been exploited in the wild. Look for unusual authentication patterns, unexpected administrative access, or suspicious file modifications.
5. Network controls: If immediate patching is not possible, restrict network access to the CSA administrative interface to trusted IP addresses only as a temporary mitigation measure.
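A starting point for the log review in step 4 combined with the trusted-address restriction in step 5, as an added example that is not Ivanti tooling or part of the original advisory: it flags requests whose decoded path contains a `..` segment and requests served to clients outside the allowlist. The Common Log Format layout, the `10.20.0.0/24` management range and the sample request paths are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumptions, not from the advisory: Common Log Format lines, a placeholder
# trusted management range, and constructed sample requests with made-up paths.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<uri>\S+)[^"]*" (?P<status>\d{3}) ')
SAMPLE_LOG = [  # constructed lines, not captured traffic
    '10.20.0.15 - admin [01/Jan/2025:08:01:12 +0000] "GET /admin/status HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:08:03:40 +0000] "GET /public/%2e%2e/admin/users HTTP/1.1" 200 1834',
    '203.0.113.7 - - [01/Jan/2025:08:03:44 +0000] "GET /public/%252e%252e/admin/users HTTP/1.1" 404 0',
    '198.51.100.9 - - [01/Jan/2025:08:05:02 +0000] "GET /admin/status HTTP/1.1" 200 512',
    '10.20.0.15 - admin [01/Jan/2025:08:06:00 +0000] "GET /docs/v1..2/notes HTTP/1.1" 200 90',
]

def has_traversal(uri, rounds=3):
    """Decode the request path repeatedly, then look for a '..' segment."""
    path = uri.split("?", 1)[0]
    for _ in range(rounds):  # exposes double-encoded dots and slashes
        path = unquote(path)
    path = path.replace("\\", "/")
    return any(seg.split(";")[0] == ".." for seg in path.split("/"))

def is_trusted(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)
    except ValueError:  # hostname or garbage in the client field
        return False

def review(lines):
    """Return (severity, ip, timestamp, uri) for each line needing follow-up."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        served = int(m["status"]) < 400
        if has_traversal(m["uri"]):
            severity = "high" if served else "attempt"
        elif served and not is_trusted(m["ip"]):
            severity = "review"  # interface reached from outside the allowlist
        else:
            continue
        findings.append((severity, m["ip"], m["ts"], m["uri"]))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A "high" finding means a traversal request was served rather than rejected, which is the case to escalate to full incident response.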