Ivanti's Cloud Service Attacked via Second Vuln - #CVE-2023-46805
Recent reports have highlighted several critical vulnerabilities in Ivanti's Endpoint Manager and Cloud Services Appliance (CSA), with CVEs such as CVE-2024-29847 and CVE-2024-8963 receiving particularly high severity ratings. These vulnerabilities allow remote code execution and unauthorized access, posing significant threats if not promptly patched. Notably, the CSA vulnerabilities have been actively exploited in the wild, prompting Ivanti and cybersecurity agencies like CISA to urge immediate updates. Ivanti has released patches for affected versions and strongly recommends upgrading to more recent software versions to mitigate risks. Security experts emphasize the importance of proactive measures and continuous monitoring to manage these vulnerabilities effectively, especially in systems nearing end-of-life status.