Ivanti Points Important Safety Updates for CSA and Join Safe Vulnerabilities

December 11, 2024

Ivanti has launched security updates to deal with a number of important flaws in its Cloud Providers Software (CSA) and Join Safe merchandise that would result in privilege escalation and code execution.

The listing of vulnerabilities is as follows –

CVE-2024-11639 (CVSS rating: 10.0) – An authentication bypass vulnerability within the admin net console of Ivanti CSA earlier than 5.0.3 that enables a distant unauthenticated attacker to realize administrative entry

CVE-2024-11772 (CVSS rating: 9.1) – A command injection vulnerability within the admin net console of Ivanti CSA earlier than model 5.0.3 that enables a distant authenticated attacker with admin privileges to attain distant code execution

CVE-2024-11773 (CVSS rating: 9.1) – An SQL injection vulnerability within the admin net console of Ivanti CSA earlier than model 5.0.3 that enables a distant authenticated attacker with admin privileges to run arbitrary SQL statements

CVE-2024-11633 (CVSS rating: 9.1) – An argument injection vulnerability in Ivanti Join Safe earlier than model 22.7R2.4 that enables a distant authenticated attacker with admin privileges to attain distant code execution

CVE-2024-11634 (CVSS rating: 9.1) – A command injection vulnerability in Ivanti Join Safe earlier than model 22.7R2.3 and Ivanti Coverage Safe earlier than model 22.7R1.2 that enables a distant authenticated attacker with admin privileges to attain distant code execution

CVE-2024-8540 (CVSS rating: 8.8) – An insecure permissions vulnerability in Ivanti Sentry earlier than variations 9.20.2 and 10.0.2 or 10.1.0 that enables a neighborhood authenticated attacker to change delicate software parts

The shortcomings have been addressed within the under variations –

Ivanti Cloud Providers Software 5.0.3
Ivanti Join Safe 22.7R2.4
Ivanti Coverage Safe 22.7R1.2
Ivanti Sentry 9.20.2, 10.0.2, and 10.1.0

Whereas Ivanti has emphasised that it isn’t conscious of energetic exploitation of any of the aforementioned flaws, it is crucial that customers take fast motion provided that a number of flaws in its merchandise have been abused by state-sponsored attackers for malicious actions.

- Advertisment -

Ivanti Points Important Safety Updates for CSA and Join Safe Vulnerabilities

Microsoft Credit EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Home windows Flaws

Cyber businesses urge organizations to collaborate to cease quick flux DNS assaults

Ivanti warns prospects of latest important flaw exploited within the wild

LEAVE A REPLY Cancel reply

Most Popular

1000’s of Juniper gadgets susceptible to unauthenticated RCE flaw

Why Instagram Threads is a hotbed of dangers for companies

Phishing Campaigns Ship New SideTwist Backdoor and Agent Tesla Variant

PixieFail flaws affect PXE community boot in enterprise techniques

Prospects warned to cancel bank cards

Telesign launches built-in API to mix conventional id verification channels

PixieFail UEFI Flaws Expose Tens of millions of Computer systems to RCE, DoS, and Data Theft

EDITOR PICKS

SquareX Researchers Expose OAuth Attack on Chrome Extensions Days Earlier than Main Breach

Immediate Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers

POPULAR News

1000’s of Juniper gadgets susceptible to unauthenticated RCE flaw

Why Instagram Threads is a hotbed of dangers for companies

Phishing Campaigns Ship New SideTwist Backdoor and Agent Tesla Variant

POPULAR TAGS

POPULAR Tags

POPULAR Tags

ABOUT US

FOLLOW US