Ivanti Addressed Actively Exploited CSA Zero-day Vulnerabilities

Ivanti, an American IT software company, has released critical security updates addressing three new zero-day vulnerabilities in its Cloud Services Appliance (CSA). These vulnerabilities have been actively exploited in attacks, with attackers combining them with a previously patched zero-day from September. Exploiting these flaws could allow remote attackers to execute SQL and command injections, as well as bypass security controls through path traversal on vulnerable CSA gateways. Ivanti has identified a limited number of customers affected and recommends those using CSA 4.6 patch 518 or earlier to upgrade to version 5.0.2 to mitigate these risks. Read more...