Overview
CISA and FBI report persistent exploitation of four critical Ivanti CSA vulnerabilities despite patches released since September 2023. The vulnerabilities enable authentication bypass and remote code execution, affecting over 40,000 organizations worldwide. Attackers are actively chaining multiple CVEs.
Who This Concerns
- Network Security Administrators
- IT Infrastructure Teams
- Security Operations Centers
- Risk Management Teams
- Compliance Officers
Key Findings
- Multiple vulnerability chains identified:
  * CVE-2024-8963 + CVE-2024-8190 + CVE-2024-9380
  * CVE-2024-8963 + CVE-2024-9379
- Successful lateral movement observed in confirmed compromises
- Credentials and sensitive data considered compromised
Risk Analysis
- Probability: High (active exploitation observed)
- Impact: Critical (potential full network compromise)
- Attack Complexity: Low (public exploits available)
- Required Privileges: None (authentication bypass possible)
Action Items
- Immediately upgrade to the latest supported Ivanti CSA version
- Implement network segmentation for affected appliances
- Rotate all stored credentials
- Deploy enhanced monitoring for lateral movement
- Conduct thorough incident response using provided IOCs
- Review and update disaster recovery plans
Sources
- [Bleeping Computer](https://www.bleepingcomputer.com/news/security/cisa-hackers-still-exploiting-older-ivanti-bugs-to-breach-networks/)