{"id":135839,"date":"2024-12-11T14:36:15","date_gmt":"2024-12-11T07:36:15","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=135839"},"modified":"2024-12-11T14:36:15","modified_gmt":"2024-12-11T07:36:15","slug":"ivanti-issues-critical-security-updates-for-csa-and-connect-secure-vulnerabilities","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=135839","title":{"rendered":"Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities"},"content":{"rendered":"<p> <script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Dec 11, 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_7_hdHA3yO2YFhzBXNM9Zq2unWJ5k1MSHN1ZAWlQnDUQwPpFur6BEIrFjCw_jfqpg4wd7hee-AggpN_rOXNZMjg33IMpJoN_Dac-XpXOQZQ6d84xelNLeLi1nGoWMh_OGpf1UXbCEwF6XfejRHZUMhpKeKqD70H9AxC899myvpJj-xXjxxI7s2Z_H4Olj\/s728-rw-e365\/patch.png\" style=\"clear: left; display: block; float: left;  text-align: center;\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_7_hdHA3yO2YFhzBXNM9Zq2unWJ5k1MSHN1ZAWlQnDUQwPpFur6BEIrFjCw_jfqpg4wd7hee-AggpN_rOXNZMjg33IMpJoN_Dac-XpXOQZQ6d84xelNLeLi1nGoWMh_OGpf1UXbCEwF6XfejRHZUMhpKeKqD70H9AxC899myvpJj-xXjxxI7s2Z_H4Olj\/s728-rw-e365\/patch.png\" alt=\"CSA and Connect Secure Vulnerabilities\" border=\"0\" data-original-height=\"380\" data-original-width=\"728\" title=\"CSA and Connect Secure Vulnerabilities\"\/><\/a><\/div>\n<p>Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution.<\/p>\n<p>The list of vulnerabilities is as follows &#8211;<\/p>\n<ul>\n<li><strong><a href=\"https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US\" rel=\"noopener\" target=\"_blank\">CVE-2024-11639<\/a><\/strong> (CVSS score: 10.0) &#8211; An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker to gain administrative access<\/li>\n<\/ul>\n<ul>\n<li><strong><a href=\"https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US\" rel=\"noopener\" target=\"_blank\">CVE-2024-11772<\/a><\/strong> (CVSS score: 9.1) &#8211; A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to achieve remote code execution<\/li>\n<\/ul>\n<ul>\n<li><strong><a href=\"https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US\" rel=\"noopener\" target=\"_blank\">CVE-2024-11773<\/a><\/strong> (CVSS score: 9.1) &#8211; An SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements<\/li>\n<\/ul>\n<ul>\n<li><strong><a href=\"https:\/\/forums.ivanti.com\/s\/article\/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs?language=en_US\" rel=\"noopener\" target=\"_blank\">CVE-2024-11633<\/a><\/strong> (CVSS score: 9.1) &#8211; An argument injection vulnerability in Ivanti Connect Secure before version 22.7R2.4 that allows a remote authenticated attacker with admin privileges to achieve remote code execution<\/li>\n<\/ul>\n<ul>\n<li><strong><a href=\"https:\/\/forums.ivanti.com\/s\/article\/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs?language=en_US\" rel=\"noopener\" target=\"_blank\">CVE-2024-11634<\/a><\/strong> (CVSS score: 9.1) &#8211; A command injection vulnerability in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 that allows a remote authenticated attacker with admin privileges to achieve remote code execution<\/li>\n<\/ul>\n<ul>\n<li><strong><a href=\"https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Sentry-CVE-2024-8540?language=en_US\" rel=\"noopener\" target=\"_blank\">CVE-2024-8540<\/a><\/strong> (CVSS score: 8.8) &#8211; An insecure permissions vulnerability in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 that allows a local authenticated attacker to modify sensitive application components<\/li>\n<\/ul>\n<div class=\"dog_two clear\"><center class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/gartner-endpoint-protection-d-v3\" rel=\"nofollow noopener sponsored\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjkuzWFb37o2kBMWrh677a-bc3W3aqi6k3AnOkln2pwSl3ddpp8DXxcVTfk3H2J0WQiA3A7FuXG999YvMsv6EfB4Gwhu0huEaBNNX4p5ubT-tz4GkP_WxaKy2zS5oW18kb2WcsIpBjbXoYpP4UOQD2f1DPMGmbZ8V5rIbiymixWkU8SYclRCDpBM0vB7ky0\/s728-rw-e100\/GartnerMQ-d-v3.jpg\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>The shortcomings have been addressed in the below versions &#8211;<\/p>\n<ul>\n<li>Ivanti Cloud Services Application 5.0.3<\/li>\n<li>Ivanti Connect Secure 22.7R2.4<\/li>\n<li>Ivanti Policy Secure 22.7R1.2<\/li>\n<li>Ivanti Sentry 9.20.2, 10.0.2, and 10.1.0 <\/li>\n<\/ul>\n<p>While Ivanti has <a href=\"https:\/\/www.ivanti.com\/blog\/december-security-update\" rel=\"noopener\" target=\"_blank\">emphasized<\/a> that it&#8217;s not aware of active exploitation of any of the aforementioned flaws, it&#8217;s imperative that users take quick action given that several flaws in its products have been <a href=\"https:\/\/thehackernews.com\/2023\/08\/ivanti-warns-of-critical-zero-day-flaw.html\" rel=\"noopener\" target=\"_blank\">abused<\/a> by <a href=\"https:\/\/thehackernews.com\/2024\/04\/researchers-identify-multiple-china.html\" rel=\"noopener\" target=\"_blank\">state-sponsored attackers<\/a> for <a href=\"https:\/\/thehackernews.com\/2024\/10\/nation-state-attackers-exploiting.html\" rel=\"noopener\" target=\"_blank\">malicious activities<\/a>.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Found this article interesting?  Follow us on <a href=\"https:\/\/twitter.com\/thehackersnews\" rel=\"noopener\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a> and <a href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" rel=\"noopener\" target=\"_blank\">LinkedIn<\/a> to read more exclusive content we post.<\/div>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<br \/><div data-type=\"_mgwidget\" data-widget-id=\"1660802\">\r\n<\/div>\r\n<script>(function(w,q){w[q]=w[q]||[];w[q].push([\"_mgc.load\"])})(window,\"_mgq\");\r\n<\/script>\r\n<br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/12\/ivanti-issues-critical-security-updates.html\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue802Dec 11, 2024\ue804Ravie LakshmananVulnerability \/ Network Security Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=135839\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-135839","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/135839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=135839"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/135839\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=135839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=135839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=135839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}