San Francisco, December 11, 2024 – Ivanti urges immediate action on critical vulnerabilities in CSA and Connect Secure, including a CVSS 10.0 flaw. Update to the latest versions to avoid severe security risks.
Ivanti has sounded the alarm on multiple high-stakes vulnerabilities affecting its Cloud Services Application (CSA) and Connect Secure products. The company has released critical updates to address these flaws, which could allow unauthorized access, privilege escalation, and remote code execution.
Key among the vulnerabilities is CVE-2024-11639, a devastating authentication bypass with a perfect CVSS score of 10.0, enabling attackers to gain admin access remotely. Other flaws include command injection, SQL injection, and insecure permissions, affecting versions prior to CSA 5.0.3, Connect Secure 22.7R2.4, and Sentry 10.1.0.
“Ivanti takes the security of our products seriously and urges immediate updates to mitigate these risks.”
Security experts echo this sentiment, emphasizing that timely patching is crucial to thwart potential exploitation.
While Ivanti has clarified that these vulnerabilities have not yet been exploited in the wild, history has shown that attackers, including state-sponsored groups, are quick to target such flaws. Cybersecurity analyst Sarah Lopez warned:
“We’ve seen similar vulnerabilities leveraged in espionage campaigns. Businesses cannot afford delays in applying fixes.”
Affected organizations are advised to update to the latest versions without delay: CSA 5.0.3, Connect Secure 22.7R2.4, and Sentry 10.1.0, among others. With state-sponsored threat actors increasingly sophisticated, Ivanti’s swift action provides a critical shield for enterprise networks.