Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances


Threat actors have been actively exploiting chained vulnerabilities in Ivanti Cloud Service Appliances (CSA), significantly amplifying the impact of their cyber-attacks.

The vulnerabilities—CVE-2024-8963, CVE-2024-9379, CVE-2024-8190 and CVE-2024-9380—were leveraged in September 2024 to breach systems, achieve remote code execution (RCE), steal credentials and deploy webshells on victim networks.

Exploiting Chained Vulnerabilities

According to a joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), attackers used two distinct exploit chains to achieve their objectives:

  • The first chain combined CVE-2024-8963, an administrative bypass vulnerability, with CVE-2024-8190 and CVE-2024-9380, both RCE vulnerabilities

  • The second chain exploited CVE-2024-8963 alongside CVE-2024-9379, a SQL injection vulnerability

“CISA, and the use of trusted third-party incident response data, found that threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials and implant webshells on victim networks,” the agency wrote.

The advisory underscores how this chaining technique makes the attacks more dangerous and difficult to defend against.


Mitigation and Recommendations

To address the threat, CISA and the FBI strongly recommended that organizations using Ivanti CSA immediately:

  • Upgrade to the latest supported version to patch known vulnerabilities

  • Monitor for indicators of compromise (IOCs) provided in the advisory

  • Treat any credentials stored on compromised systems as potentially exposed

“CISA and FBI strongly encourage network administrators and defenders to upgrade to the latest supported version of Ivanti CSA and to hunt for malicious activity on their networks using the detection methods and indicators of compromise (IOCs) provided in the advisory,” the agencies added.

It’s especially critical to note that Ivanti CSA version 4.6 has reached end-of-life and no longer receives security updates, leaving it highly vulnerable to exploitation. Administrators are urged to prioritize replacing unsupported versions to ensure protection against emerging threats.
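The two operational items above, hunting for the advisory's IOCs in web-server logs and flagging end-of-life CSA versions, can be scripted. The following is an added example written for this page; it is not code from the CISA/FBI advisory, Ivanti or the article. Every IOC value and log line in it is a constructed placeholder (RFC 5737 test addresses, an invented webshell path and user agent), so the IOC set must be replaced with the advisory's published indicators before use, and the log format is assumed to be Common Log Format with a trailing user-agent field. The end-of-life check treats 4.6 and anything earlier as unsupported, which is an assumption that extends the article's statement about 4.6.

```python
"""
Added example (not from the CISA/FBI advisory or the article): a minimal
IOC hunt over web-server access logs plus an end-of-life version check.
All IOC values and log lines below are CONSTRUCTED placeholders, not
indicators published by the advisory; replace them with the advisory's IOCs.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Placeholder IOC set (assumed structure). Real values come from the advisory.
IOCS = {
    "ips": ["203.0.113.0/24", "198.51.100.7"],   # RFC 5737 documentation ranges
    "paths": ["/example-webshell.php"],           # placeholder webshell path
    "user_agents": ["ExampleScanner/1.0"],        # placeholder user agent
}

# Constructed sample lines: Common Log Format followed by referer and user agent.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Sep/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.44 - - [10/Sep/2024:10:00:05 +0000] "POST /example-webshell.php HTTP/1.1" 200 87 "-" "curl/8.0"
198.51.100.7 - - [10/Sep/2024:10:00:09 +0000] "GET /login HTTP/1.1" 200 1024 "-" "ExampleScanner/1.0"
192.0.2.11 - - [10/Sep/2024:10:00:12 +0000] "GET /static/app.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Assumed log layout: ip ident user [timestamp] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


@dataclass
class Hit:
    line_no: int
    ip: str
    path: str
    reasons: list = field(default_factory=list)


def hunt(log_text, iocs=IOCS):
    """Return a Hit for every parsable log line that matches any IOC category."""
    nets = [ipaddress.ip_network(v, strict=False) for v in iocs["ips"]]
    known_paths = {p.lower() for p in iocs["paths"]}
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a real hunt should count and report these
        reasons = []
        addr = ipaddress.ip_address(m["ip"])
        if any(addr in net for net in nets):
            reasons.append(f"ip:{m['ip']}")
        # Compare the path without its query string, case-insensitively.
        path = m["path"].split("?", 1)[0].lower()
        if path in known_paths:
            reasons.append(f"path:{path}")
        if m["ua"] in iocs["user_agents"]:
            reasons.append(f"ua:{m['ua']}")
        if reasons:
            hits.append(Hit(n, m["ip"], m["path"], reasons))
    return hits


# The article states CSA 4.6 is end-of-life; treating 4.6 and earlier as
# unsupported is an assumption made for this example.
EOL_MAJOR_MINOR = (4, 6)


def is_end_of_life(version):
    """True when the major.minor of `version` is at or below the EOL line."""
    parts = tuple(int(p) for p in version.split(".")[:2])
    return parts <= EOL_MAJOR_MINOR


if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.ip} {h.path} -> {', '.join(h.reasons)}")
    print("CSA 4.6 end-of-life:", is_end_of_life("4.6"))
```

Each hit records every IOC category it matched, so a single request that comes from a listed address and targets a listed path is reported once with both reasons rather than twice; that makes the output easier to triage when the same event would otherwise appear under several indicators.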

CISA also advised implementing security measures such as multifactor authentication, timely patching and endpoint monitoring to strengthen defenses.


