Ivanti Patches Critical Cloud Flaws To Prevent Devastating Cyber Breaches

US-based security solutions provider Ivanti has issued high-priority patches for critical vulnerabilities in its cloud services appliance (CSA), designating them with the highest severity ratings. These newly discovered flaws, CVE-2024-11639, CVE-2024-11772, and CVE-2024-11773, have been classified as severe because they allow attackers to bypass authentication mechanisms in the admin web console, gain full administrative access without authentication or interaction with the device.

One of the identified flaws allows remote authenticated users with administrator privileges to execute arbitrary code on affected appliances, enabling attackers to manipulate and compromise sensitive systems. Additionally, Ivanti’s advisory highlights an additional critical flaw involving SQL injection in the admin web console, which can enable attackers to run arbitrary SQL queries, potentially leading to data modification or deletion.

Ivanti urges its customers to upgrade to the latest version of CSA – version 5.0.3 – to address these vulnerabilities. The company has taken proactive measures in addressing multiple critical flaws in its products over the past few months, including resolving several high-priority vulnerabilities related to remote code execution, authentication bypass, and SQL injection.

In addition to CSA, Ivanti recently issued patches to address nearly 50 vulnerabilities across its products, including eight critical issues in Connect Secure, Policy Secure, and Endpoint Manager. These flaws are associated with argument and command injection vulnerabilities that can allow attackers with administrator access to execute remote code, posing a significant security risk.

The updated products also address eight high-severity and two medium-severity flaws, which can lead to privilege escalation, denial-of-service (DoS) attacks, and remote code execution (RCE). As one of the leading security solution providers globally, Ivanti serves more than 40,000 organizations worldwide. Users are advised to review the security advisory and follow the recommended actions to secure their systems.

Regularly reviewing security advisories from trusted vendors like Ivanti, implementing patch management processes, conducting regular system scans and audits, and investing in robust cybersecurity measures can help protect against known threats. By taking these steps, organizations can minimize the risk of exploiting critical vulnerabilities and ensure the security of their systems.