Cybersecurity and Infrastructure Security Agency (CISA): Cybersecurity Advisories

Ivanti Releases Security Update for Cloud Services Appliance [ https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance ]

09/13/2024 1:00 PM EDT

Ivanti has released a security update addressing an OS command injection vulnerability (CVE-2024-8190) affecting Ivanti Cloud Services Appliance (CSA) 4.6 (all versions before patch 519). A cyber threat actor could exploit this vulnerability to take control of an affected system.

At this time, Ivanti has confirmed limited exploitation and urges its customers using the affected versions to upgrade to CSA version 5.0. Ivanti no longer supports CSA 4.6 (end-of-life).

CISA recommends users and administrators review CISA and FBI's joint guidance on eliminating OS command injections [ https://www.cisa.gov/resources-tools/resources/secure-design-alert-eliminating-os-command-injection-vulnerabilities ] and the Ivanti security advisory [ https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US&_gl=1*6frqvp*_gcl_au*MTIzMDUyNTU2My4xNzE4ODgyNzE0 ] and apply the recommended updates.

*Note*: CISA has added CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog [ https://www.cisa.gov/known-exploited-vulnerabilities-catalog ], which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities [ https://www.cisa.gov/news-events/directives/bod-22-01-reducing-significant-risk-known-exploited-vulnerabilities ], requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.

This product is provided subject to this Notification [ https://edit.cisa.gov/notification ] and this Privacy & Use [ https://edit.cisa.gov/privacy-policy ] policy.
