Attacks leveraging Ivanti CSA vulnerability ongoing

Intrusions exploiting a recently addressed high-severity operating system command injection flaw in Ivanti Cloud Service Appliance, tracked as CVE-2024-8190, have already compromised a "limited number" of users, reports The Hacker News.

Additional details regarding the attacks and their perpetrators have not been provided but the vulnerability, which impacts Ivanti CSA 4.6 that has recently reached end-of-life, could be leveraged to enable remote code execution, according to Ivanti, which urged immediate upgrades to Ivanti CSA 5.0. Active attacks targeted at vulnerable Ivanti CSA instances have prompted the flaw's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the issue by October 4. Such a development comes amid a Horizon3.ai report detailing an already-patched maximum severity deserialization bug in Ivanti Endpoint Manager, tracked as CVE-2024-29847, which could also be leveraged to facilitate remote code execution.