Ivanti warns of maximum severity CSA auth bypass vulnerability Today, Ivanti warned ...

npub1zm7…pnd6

2024-12-11 07:12:16

Ivanti warns of maximum severity CSA auth bypass vulnerability

Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution.

The security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike's Advanced Research Team) enables remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier without requiring authentication or user interaction by circumventing authentication using an alternate path or channel.

Ivanti advises admins to upgrade vulnerable appliances to CSA 5.0.3 using detailed information available in this support document.

"We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program," the company said on Tuesday. "Currently, there is no known public exploitation of this these vulnerabilities that could be used to provide a list of indicators of compromise."

See more:
BleepingComputer :
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability/

The Hacker News:
https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html

#cybersecurity #ivanti #authenticationbypass

Author Public Key

npub1zm7jduqq2nmxz5wxh4ujtm00g9vxzqa0r82yt7flvm67yje5gfaqa5pnd6

Seen on

wss://relay.nostr.band wss://relay.primal.net

Show more details

Published at

2024-12-11 07:12:16

Kind type

1 Short Text Note

Event JSON

{ "id": "9f10f31699ccc9fdad357bebd05c3aa79865317f5148ade3cc3f6f9c50082108", "pubkey": "16fd26f00054f66151c6bd7925edef41586103af19d445f93f66f5e24b34427a", "created_at": 1733901136, "kind": 1, "tags": [ [ "t", "cybersecurity" ], [ "t", "ivanti" ], [ "t", "authenticationbypass" ], [ "r", "https://www.bleepingcomputer.com/news/security/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability/" ], [ "r", "https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html" ] ], "content": "Ivanti warns of maximum severity CSA auth bypass vulnerability\n\nToday, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution.\n\nThe security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike's Advanced Research Team) enables remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier without requiring authentication or user interaction by circumventing authentication using an alternate path or channel.\n\nIvanti advises admins to upgrade vulnerable appliances to CSA 5.0.3 using detailed information available in this support document.\n\n\"We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program,\" the company said on Tuesday. \"Currently, there is no known public exploitation of this these vulnerabilities that could be used to provide a list of indicators of compromise.\"\n\nSee more:\nBleepingComputer :\nhttps://www.bleepingcomputer.com/news/security/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability/\n\nThe Hacker News:\nhttps://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html\n\n#cybersecurity #ivanti #authenticationbypass", "sig": "e079d1fcb4c8e7f8fb6271e435c74cfd626640199cbe774fd351994ba3f26b486d96f5d25f655ad42b41d7b45240927f214567088138c2a06eea2da254aa3ba1" }