Threat Actors Chained Vulnerabilities in Ivanti Cloud Service…

216.73.216.6

Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

· Published 24/01/2025 14:18 · Modified 24/01/2025 14:54

Essential information

Published: 24/01/2025 14:18
Modified: 24/01/2025 14:54
Tags: 2025-01-24 cisa ivanti
Related entities: 7 vulnerabilities (cve), 28 observables, 13 techniques (mitre)

Description

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory in response to exploitation in September 2024 of vulnerabilities in Ivanti Cloud Service Appliances (CSA): CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a SQL injection vulnerability; and CVE-2024-8190 and CVE-2024-9380, remote code execution vulnerabilities.

Related entities

External references

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
https://otx.alienvault.com/pulse/6793a122d3afae240ccc4a4d