{"id":6263,"date":"2024-12-11T06:34:08","date_gmt":"2024-12-11T06:34:08","guid":{"rendered":"https:\/\/tech.newat9.com\/index.php\/2024\/12\/11\/al-143-critical-vulnerabilities-in-ivanti-cloud-services-appliance\/"},"modified":"2024-12-11T06:34:08","modified_gmt":"2024-12-11T06:34:08","slug":"al-143-critical-vulnerabilities-in-ivanti-cloud-services-appliance","status":"publish","type":"post","link":"https:\/\/tech.newat9.com\/index.php\/2024\/12\/11\/al-143-critical-vulnerabilities-in-ivanti-cloud-services-appliance\/","title":{"rendered":"[AL-143] Critical Vulnerabilities in Ivanti Cloud Services Appliance"},"content":{"rendered":"<div>\n<p>Ivanti has released security updates to address critical vulnerabilities (CVE-2024-11639, CVE-2024-11772 and CVE-2024-11773) affecting their Cloud Services Appliance (CSA) solution. CVE-2024-11639 has a Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10.<\/p>\n<p>The vulnerabilities are:<\/p>\n<ul type=\"disc\">\n<li data-list=\"0\" data-level=\"1\">CVE-2024-11639: An authentication bypass vulnerability in the admin web console which could allow a remote unauthenticated attacker to gain administrative access.<\/li>\n<li data-list=\"0\" data-level=\"1\">CVE-2024-11772: A command injection vulnerability in the admin web console which could allow a remote authenticated attacker with admin privileges to achieve remote code execution.<\/li>\n<li data-list=\"0\" data-level=\"1\">CVE-2024-11773: A SQL injection vulnerability in the admin web console which could allow a remote authenticated attacker with admin privileges to run arbitrary SQL statements.<\/li>\n<\/ul>\n<p>The vulnerabilities affect Ivanti CSA versions 5.0.2 and earlier.<\/p>\n<p>Users and administrators of affected product versions are advised to update to the latest version immediately.<\/p>\n<p>More information is available here:\u00a0<\/p>\n<p><a 
href=\"https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US\" target=\"_blank\" data-sf-ec-immutable=\"\" data-sf-marked=\"\" rel=\"noopener\">https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability\/\" target=\"_blank\" data-sf-ec-immutable=\"\" data-sf-marked=\"\" rel=\"noopener\">https:\/\/www.bleepingcomputer.com\/news\/security\/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability\/<\/a><\/p>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11639\" target=\"_blank\" data-sf-ec-immutable=\"\" data-sf-marked=\"\" rel=\"noopener\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11639<\/a><\/p>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11772\" target=\"_blank\" data-sf-ec-immutable=\"\" data-sf-marked=\"\" rel=\"noopener\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11772<\/a><\/p>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11773\" target=\"_blank\" data-sf-ec-immutable=\"\" data-sf-marked=\"\" rel=\"noopener\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-11773<\/a><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/www.csa.gov.sg\/alerts-advisories\/alerts\/2024\/al-2024-143\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ivanti has released security updates to address critical vulnerabilities (CVE-2024-11639, CVE-2024-11772 and CVE-2024-11773) affecting their Cloud Services Appliance (CSA) solution. 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6264,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/tech.newat9.com\/index.php\/wp-json\/wp\/v2\/posts\/6263"}],"collection":[{"href":"https:\/\/tech.newat9.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech.newat9.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech.newat9.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tech.newat9.com\/index.php\/wp-json\/wp\/v2\/comments?post=6263"}],"version-history":[{"count":0,"href":"https:\/\/tech.newat9.com\/index.php\/wp-json\/wp\/v2\/posts\/6263\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tech.newat9.com\/index.php\/wp-json\/wp\/v2\/media\/6264"}],"wp:attachment":[{"href":"https:\/\/tech.newat9.com\/index.php\/wp-json\/wp\/v2\/media?parent=6263"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech.newat9.com\/index.php\/wp-json\/wp\/v2\/categories?post=6263"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech.newat9.com\/index.php\/wp-json\/wp\/v2\/tags?post=6263"}],"curies":[{"name":"wp
","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}