{"id":7044,"date":"2025-01-23T11:57:23","date_gmt":"2025-01-23T17:57:23","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/cisa-ivanti-vulns-chained-attacks"},"modified":"2025-01-23T11:57:23","modified_gmt":"2025-01-23T17:57:23","slug":"cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/01\/23\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught\/","title":{"rendered":"CISA: Ivanti Vulns Chained Together in Cyberattack Onslaught"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/bltd9b08855aef87258\/66edccd58bba4154e9b0146c\/ivanti1800_Kristoffer_Tripplaar_alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">NEWS BRIEF<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Cyberattackers are using a new threat vector involving several Ivanti vulnerabilities in order to subvert the company&#8217;s Cloud Service Appliance (CSA).<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">According to the Cybersecurity and Infrastructure Security (CISA) and the FBI, these include <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_self\" href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/ivanti-cloud-service-appliance-attacked-vuln\">CVE-2024-8963<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, an admin bypass vulnerability; <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_self\" href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/three-more-ivanti-cloud-vulns-exploited\">CVE-2024-9379<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, a SQL injection vulnerability; and <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_self\" href=\"https:\/\/www.darkreading.com\/threat-intelligence\/ivanti-cloud-bug-exploit-alarms-raised\">CVE-2024-8190<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> and CVE-2024-9380, both remote code execution (RCE) vulnerabilities.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Using third-party incident-response data, CISA found that threat actors utilized the bugs by chaining them together to <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_self\" href=\"https:\/\/www.darkreading.com\/remote-workforce\/critical-ivanti-vtm-bug-unauthorized-admin-access\">gain initial access<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, allowing them to conduct remote code execution (RCE), obtain credentials, and install Web shells on victim networks.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;All four vulnerabilities affect Ivanti CSA version 4.6x versions before 519, and two of the vulnerabilities (CVE-2024-9379 and CVE-2024-9380) affect CSA versions 5.0.1 and below; according to Ivanti, these CVEs have not been exploited in version 5.0,&#8221; <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa25-022a\">CISA stated<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> in the advisory.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In order to mitigate these threats, both organizations encourage network admins to upgrade to the latest supported version of Ivanti CSA and to use detection methods and the indicators of compromise (IoCs) provided in the CISA advisory to search for malicious activity on their networks.<\/span><\/p>\n<p data-component=\"related-article\" class=\"RelatedArticle\"><span data-testid=\"related-article-title\" class=\"RelatedArticle-Title\">Related:<\/span><a class=\"RelatedArticle-RelatedContent\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/security-risk-rampant-shadow-ai\" target=\"_self\" data-discover=\"true\">The Security Risk of Rampant Shadow AI<\/a><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">If organizations do detect compromise, it&#8217;s recommended to quarantine or take offline potentially affected hosts and reimage them. Admins should also provide new account credentials, collect and review artifacts, and report the compromise to CISA. In addition to this, it&#8217;s recommended to exercise, test, and validate a security program against threat actors listed in the MITRE ATT&amp;CK for Enterprise framework.<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/cisa-ivanti-vulns-chained-attacks\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NEWS BRIEF Cyberattackers are using a new threat vector involving<\/p>\n","protected":false},"author":12,"featured_media":7045,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-7044","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught-scaled.jpg?fit=2560%2C1440&ssl=1",2560,1440,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught-scaled.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught-scaled.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught-scaled.jpg?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught-scaled.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-ivanti-vulns-chained-together-in-cyberattack-onslaught-scaled.jpg?fit=2560%2C1440&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7044","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7044"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7044\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/7045"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7044"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}