Ivanti Cloud Bug Goes Under Exploit After Alarms Are RaisedIvanti Cloud Bug Goes Under Exploit After Alarms Are Raised

Just days after Ivanti released an advisory regarding a high-severity vulnerability in its Cloud Service Appliance (CSA), the company is alerting customers that the flaw is now being exploited in the wild. 

Ivanti initially disclosed the vulnerability, tracked as CVE-2024-8190, on Sept. 10, warning customers that it could allow unauthorized access to their devices. With a CVSS score of 7.2 out of 10, the attacker must have administrator-level privileges in order to exploit the vulnerability.

To remediate the bug, Ivanti recommended that users upgrade from Ivanti CSA 4.6 to CSA 5.0. In addition, CSA 4.6 Patch 518 customers can update to Patch 519, however, upgrading to CSA 5.0 remains the best option, the company noted.

On Sept. 13, Ivanti updated its advisory, making its customers aware that it knew of the active exploitation of the vulnerability.

"At the time of the September 13 update, exploitation of a limited number of customers has been confirmed following public disclosure," said the advisory.

Users should update to the latest version of the appliance as soon as possible.

If users find that they have been compromised before they can apply the recommended patch, according to the company, they can log a case or request a call through the Ivanti Success Portal.