Ivanti has revealed that a newly fixed security flaw in its Cloud Services Appliance (CSA) has been exploited in the wild.
The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which could allow remote code execution under certain circumstances.
“An OS command injection vulnerability in Ivanti Cloud Services Appliance version 4.6 Patch 518 and earlier could allow a remote authenticated attacker to obtain remote code execution,” Ivanti noted in an advisory released earlier this week. “To exploit this vulnerability, an attacker would need to have administrator-level privileges.”
The flaw affects Ivanti CSA 4.6, which has reached end of support, so customers will need to upgrade to a supported version going forward. The issue itself is resolved in CSA 4.6 Patch 519.
“This is the last fix that Ivanti will backport to this version due to end of support,” the Utah-based IT software company added. “Customers should upgrade to Ivanti CSA 5.0 to continue receiving support.”
“CSA 5.0 is the only supported version and does not contain this vulnerability. Customers already running Ivanti CSA 5.0 do not need to take any additional action.”
On Friday, Ivanti updated its advisory, noting that it had observed exploitation of the vulnerability targeting a “limited number of customers.”
No further details about the attack or the identities of the threat actors who weaponized it have been released, but a number of other vulnerabilities in Ivanti products have been exploited in zero-day attacks by China-linked cyberespionage groups.
In response to this incident, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog and mandated that federal agencies patch it by October 4, 2024.
The disclosure comes as cybersecurity firm Horizon3.ai posted a detailed technical analysis of a critical deserialization vulnerability (CVE-2024-29847, CVSS score: 10.0) that affects Endpoint Manager (EPM) and leads to remote code execution.