TRENDING:

Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management

Ivanti Vulnerability Again Forces Emergency Patches

Cloud Service Appliance Admin Panels Exposed a Pathway to the Internet for Hackers David Perera (@daveperera) • September 16, 2024    
Ivanti Vulnerability Again Forces Emergency Patches
Ivanti has called its drumbeat of vulnerabilities a sign of a "healthy code analysis and testing community." (Image: Shutterstock)

Customers of internet appliance maker Ivanti face yet another hackable vulnerability. The Utah company warned customers Friday about exploitation of a Cloud Service Appliance detected in the wild.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

"A limited number of customers" running version 4.6 of the software, which allows enterprises to manage devices behind firewalls and can serve as proxy network access, have been hacked, the company said. Thae U.S. Cybersecurity and Infrastructure Agency added the vulnerability to its catalog of known exploited vulnerabilities, putting federal agencies on a three-week countdown clock to ensure they apply a patch.

The vulnerability, tracked as CVE-2024-8190, affects version 4.6 of the Cloud Service Appliance, which is at end of life. Ivanti said the vulnerability doesn't affect version 5 of the appliance; it released a patch on Sept. 10. One telltale sign of hacking, the company said, could be newly added admin users or modified admin accounts.

Ivanti gateway appliances earlier this year were at the center of an espionage hacking operation likely conducted by China. CISA was among the affected customers. The campaign thrust Ivanti into a spotlight maintained by researchers who have kept up a drumbeat of revelations of vulnerabilities in the company's products (see: Ivanti Uses End-of-Life Operating Systems, Software Packages).

Only days before this latest flaw, Ivanti patched a critical vulnerability in its Endpoint Manager product that could allow unauthenticated attackers gain remote code execution. The company has called the spike in discoveries of cybersecurity flaws a sign of progress and attributed it to intensified scanning and testing. "We agree with CISAs statement that the responsible discovery and disclosure of CVEs is 'a sign of healthy code analysis and testing community,'" it said.

The company said Cloud Service Appliance users with dual-homed configurations who followed best practices by designating eth0 as an internal network were far less at risk of being hacked. Exploiting the flaw requires hackers to authenticate into the appliance and have admin privileges, Ivanti said.

Researchers from Horizon3.ai posited that hackers able to exploit the flaw found appliances configured to accept internet connections through eth1 or that only had one interface configured. Attempting to reach the admin portal from the internet through eth0 resulted in a "403 Forbidden" message. When exposed to the internet, the Cloud Service Appliance admin portal did not rate-limit brute force attempts to find a working user name and password combination. Users who never logged onto the appliance might have also helped hackers, since the appliance shipped with a default credential of admin:admin. A first-time logon triggered a credential update requirement.

"We theorize that most likely users who have been exploited have never logged in to the appliance, or due to lack of rate limiting may have had poor password hygiene and had weaker passwords," the researchers said.

Previous
More US Sanctions Against Predator Spyware Maker Intellexa
Next
China Using Powerful Hacking Firms to Run Its Espionage War

About the Author

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.



Around the Network

Study: 92% of Healthcare Firms Hit by Cyberattacks This Year
Study: 92% of Healthcare Firms Hit by Cyberattacks This Year
Why Shoring Up Cyber at Rural and Small Hospitals Is Urgent
Why Shoring Up Cyber at Rural and Small Hospitals Is Urgent
Cyber Insurers Are Intensely Scrutinizing Healthcare Clients
Cyber Insurers Are Intensely Scrutinizing Healthcare Clients
Why Vetting AI Vendor Security Is Critical in Healthcare
Why Vetting AI Vendor Security Is Critical in Healthcare
Who Will Take the Lead in Setting Healthcare AI Regulations?
Who Will Take the Lead in Setting Healthcare AI Regulations?
Eliminating the Need for Stored Credentials in Healthcare
Eliminating the Need for Stored Credentials in Healthcare
Clinical Considerations When Recovering From Ransomware
Clinical Considerations When Recovering From Ransomware
How Mega Attacks Are Spotlighting Critical 3rd-Party Risks
How Mega Attacks Are Spotlighting Critical 3rd-Party Risks
Unforeseen Risks to Medical Devices in Ransomware Attacks
Unforeseen Risks to Medical Devices in Ransomware Attacks
Identity Security: How to Reduce Cyber Risk in Manufacturing
Identity Security: How to Reduce Cyber Risk in Manufacturing

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.

  翻译: