Created on 2024-10-10 08:32 and updated on 2024-10-10 08:33.
Description
Ivanti original security advisory
"At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers". Our vulnerability management program is designed to enable us to find, fix and disclose vulnerabilities in collaboration with the broader security ecosystem, and communicate responsibly and transparently with customers.
In recent months, we have intensified our internal scanning, manual exploitation and testing capabilities, and have additionally made improvements to our responsible disclosure process so that we can promptly discover and address potential issues.
Ivanti is making a large investment in Secure by Design across our organization and signed the CISA Secure by Design pledge in May. You can follow along with our progress here.
Today, fixes have been released for the following Ivanti solutions: Ivanti Endpoint Manager Mobile (EPMM), Ivanti Cloud Service Application (CSA), Ivanti Velocity License Server, Ivanti Connect Secure and Policy Secure, and Ivanti Avalanche.
It is important for customers to know:
- We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379 or CVE-2024-9380 are chained with CVE-2024-8963. We have not observed these vulnerabilities being exploited in any version of CSA 5.0.
- We have no evidence of any other vulnerabilities being exploited in the wild.
- These vulnerabilities do not impact any other Ivanti products or solutions.
More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in these Security Advisories:
- Ivanti EPMM
- Ivanti CSA
- Ivanti Velocity License Server
- Ivanti Avalanche
- Ivanti Connect Secure/Policy Secure
Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).
Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.
Original source: https://www.ivanti.com/blog/october-2024-security-update
Counter analysis from @screaminggoat@infosec.exchange
~~~
Ivanti Security Advisory: Ivanti CSA (Cloud Services Application) (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
Very sneaky of Ivanti to quietly update the security advisory without a changelog: They removed CVE-2024-9381 (CVSSv3: 7.2 high) Path traversal in Ivanti CSA before version 5.0.2 from the exploitation announcement:
~~~
Original source: https://social.circl.lu/@screaminggoat@infosec.exchange/113278926244627512
Vulnerabilities included in this bundle
Author
Alexandre Dulaunoy