Security News > 2024 > September > Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
2024-09-20 04:18
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was "incidentally addressed" by the company as part of CSA 4.6 Patch 519 and CSA 5.0. "Path Traversal in the Ivanti CSA before 4.6 Patch
News URL
https://thehackernews.com/2024/09/critical-ivanti-cloud-appliance.html
Related news
- U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign (source)
- Fortinet releases patches for undisclosed critical FortiManager vulnerability (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- FortiManager critical vulnerability under active attack (source)
- Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation (source)
- AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-19 | CVE-2024-8963 | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.6 Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | 9.1 |