Ivanti Releases Security Update for Cloud Services Appliance

Ivanti has released a security update addressing an OS command injection vulnerability (CVE-2024-8190) affecting Ivanti Cloud Services Appliance (CSA) 4.6 (all versions before patch 519). A cyber threat actor could exploit this vulnerability to take control of an affected system. 

At this time, Ivanti has confirmed limited exploitation and urges its customers using the affected versions to upgrade to CSA version 5.0. Ivanti no longer supports CSA 4.6 (end-of-life).

CISA recommends users and administrators review CISA and FBI's joint guidance on eliminating OS command injections and the Ivanti security advisory and apply the recommended updates.

Note: CISA has added CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.

Ivanti Releases Security Update for Cloud Services Appliance

Please share your thoughts

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Analysis of FY23 Risk and Vulnerability Assessments

Cisco Releases Security Updates for IOS XR Software

CISA Releases Twenty-Five Industrial Control Systems Advisories

Ivanti Releases Security Update for Cloud Services Appliance

Please share your thoughts

Related Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Analysis of FY23 Risk and Vulnerability Assessments

Cisco Releases Security Updates for IOS XR Software

CISA Releases Twenty-Five Industrial Control Systems Advisories