Advisory 74: Ivanti CVE-2024-8190
Release Date: 14th of September 2024
Impact : HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.
What is it?
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
What are the Systems affected?
- Ivanti CSA (Cloud Services Application
What this means?
If Vulnerabilities are not addressed, a cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
Mitigation process
CERTVU Encourages users and administrators to review the below and apply necessary security updates.
References
- Download advisory (English): Ivanti CVE-2024-8190