This alert is relevant to Australian organisations that are running or administering instances of Ivanti CSA 4.6 (Cloud Services Appliance). This alert is intended to be understood by technical users.
Customers are encouraged to apply available mitigations and patches as soon as possible.
Background / What has happened?
- Ivanti has released a security advisory and mitigations for a critical vulnerability in the Ivanti CSA 4.6 (Cloud Services Appliance).
- CVE-2024-8963 is an administrative bypass/path traversal vulnerability in Ivanti CSA 4.6 before Patch 519 that allows a remote unauthenticated attacker to access restricted functionality.
- Ivanti is aware of active exploitation of this vulnerability.
Mitigation / How do I stay secure?
Organisations that use Ivanti CSA 4.6 (Cloud Services Appliance) should follow the mitigation advice provided in the Ivanti Security Advisory below:
Ivanti advises that CSA 4.6 is End of Life and strongly recommends that its customers upgrade to CSA 5.0.
Assistance / Where can I go for help?
Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).