{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-119.pdf"
    },
    "title": "Critical Vulnerability in Ivanti Products",
    "serial_number": "2024-119",
    "publish_date": "11-12-2024 15:31:06",
    "description": "On December 10, 2024, Ivanti released critical security updates addressing multiple vulnerabilities in its Cloud Services Appliance (CSA) and Connect Secure products. These flaws could allow attackers to escalate privileges or execute arbitrary code.<br>\n",
    "url_title": "2024-119",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in\u00a0Ivanti\u00a0Products'\nnumber: '2024-119'\nversion: '1.0'\noriginal_date: '2024-12-10'\ndate: '2024-12-11'\n---\n\n_History:_\n\n* _11/12/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn December 10, 2024, Ivanti released critical security updates addressing multiple vulnerabilities in its Cloud Services Appliance (CSA) and Connect Secure products. These flaws could allow attackers to escalate privileges or execute arbitrary code [1,2].\n\n# Technical Details\n\nThe vulnerability **CVE-2024-11639**, with a CVSS score of 10.0, is an authentication bypass in the CSA admin web console permitting remote unauthenticated attackers to gain administrative access.\n\nThe vulnerability **CVE-2024-11772**, with a CVSS score of 9.1, is a command injection in the CSA admin web console allowing remote authenticated attackers with admin privileges to achieve remote code execution.\n\nThe vulnerability **CVE-2024-11773**, with a CVSS score of 9.1, is an SQL injection in the CSA admin web console enabling remote authenticated attackers with admin privileges to execute arbitrary SQL statements.\n\nThe vulnerability **CVE-2024-11633**, with a CVSS score of 9.1, is an argument injection in Connect Secure that allows remote authenticated attackers with admin privileges to achieve remote code execution.\n\nThe vulnerability **CVE-2024-11634**, with a CVSS score of 9.1, is a command injection in Connect Secure and Policy Secure permitting remote authenticated attackers with admin privileges to achieve remote code execution.\n\nThe vulnerability **CVE-2024-8540**, with a CVSS score of 8.8, is an insecure permissions issue in Sentry allowing local authenticated attackers to modify sensitive application components.\n\n# Affected Products\n\nThe following product versions are affected:\n\n* **Ivanti Cloud Services Appliance (CSA)**: Versions prior to 5.0.3;\n* **Ivanti Connect Secure**: Versions prior to 22.7R2.4;\n* **Ivanti Policy Secure**: Versions prior to 22.7R1.2;\n* **Ivanti Sentry**: Versions prior to 9.20.2, 10.0.2, and 10.1.0.\n\n# Recommendations\n\nTo mitigate these vulnerabilities, CERT-EU strongly recommends upgrading to the latest versions where the vulnerabilities have been addressed.\n\n# References\n\n[1] <https://www.ivanti.com/blog/december-security-update>\n\n[2] <https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>11/12/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On December 10, 2024, Ivanti released critical security updates addressing multiple vulnerabilities in its Cloud Services Appliance (CSA) and Connect Secure products. These flaws could allow attackers to escalate privileges or execute arbitrary code [1,2].</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2024-11639</strong>, with a CVSS score of 10.0, is an authentication bypass in the CSA admin web console permitting remote unauthenticated attackers to gain administrative access.</p><p>The vulnerability <strong>CVE-2024-11772</strong>, with a CVSS score of 9.1, is a command injection in the CSA admin web console allowing remote authenticated attackers with admin privileges to achieve remote code execution.</p><p>The vulnerability <strong>CVE-2024-11773</strong>, with a CVSS score of 9.1, is an SQL injection in the CSA admin web console enabling remote authenticated attackers with admin privileges to execute arbitrary SQL statements.</p><p>The vulnerability <strong>CVE-2024-11633</strong>, with a CVSS score of 9.1, is an argument injection in Connect Secure that allows remote authenticated attackers with admin privileges to achieve remote code execution.</p><p>The vulnerability <strong>CVE-2024-11634</strong>, with a CVSS score of 9.1, is a command injection in Connect Secure and Policy Secure permitting remote authenticated attackers with admin privileges to achieve remote code execution.</p><p>The vulnerability <strong>CVE-2024-8540</strong>, with a CVSS score of 8.8, is an insecure permissions issue in Sentry allowing local authenticated attackers to modify sensitive application components.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following product versions are affected:</p><ul><li><strong>Ivanti Cloud Services Appliance (CSA)</strong>: Versions prior to 5.0.3;</li><li><strong>Ivanti Connect Secure</strong>: Versions prior to 22.7R2.4;</li><li><strong>Ivanti Policy Secure</strong>: Versions prior to 22.7R1.2;</li><li><strong>Ivanti Sentry</strong>: Versions prior to 9.20.2, 10.0.2, and 10.1.0.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>To mitigate these vulnerabilities, CERT-EU strongly recommends upgrading to the latest versions where the vulnerabilities have been addressed.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.ivanti.com/blog/december-security-update\">https://www.ivanti.com/blog/december-security-update</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html\">https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}