CISA warns of hackers exploiting bug for end-of-life Ivanti product

Ivanti's Cloud Service Appliance has a "high severity vulnerability" being exploited in the wild.

September 13, 2024

(Getty Images)

An end-of-life version of Ivanti’s cloud IT service management software has a recently released vulnerability that the Cybersecurity and Infrastructure Security Agency says is being exploited.

CISA warned that organizations outfitted with Ivanti’s Cloud Service Appliance version 4.6 and below are being targeted by hackers and the bug has been added to the known exploited vulnerabilities (KEV) list. The Utah-based company said on Friday that a “limited number of customers” have confirmed exploitation but did not provide further details.

Additionally, the bug is the last to be ported to the end-of-life version, Ivanti said, so organizations should update to CSA 5.0 for further security updates. The bug — an OS command injection vulnerability — allows a hacker with admin rights in the software to gain remote code execution of the device.

“CSA 5.0 is the only supported version and does not contain this vulnerability,” Ivanti noted. Additionally, Ivanti said “CSA configurations should be dual-homed with eth0 as an internal network.”

The vulnerability — CVE-2024-8190 — was first released to the public Sept. 10 and at the time there were no known public exploits. To find evidence of compromise, Ivanti suggests reviewing CSA for new admin users.

Federal civilian agencies are required to mitigate the vulnerability within 60 days after being added to the KEV list.