Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
Jan. 24, 2025, 2:54 p.m.
Description
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory in response to exploitation in September 2024 of vulnerabilities in Ivanti Cloud Service Appliances (CSA): CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a SQL injection vulnerability; and CVE-2024-8190 and CVE-2024-9380, remote code execution vulnerabilities.
Tags
Date
- Created: Jan. 24, 2025, 2:18 p.m.
- Published: Jan. 24, 2025, 2:18 p.m.
- Modified: Jan. 24, 2025, 2:54 p.m.
Linked vulnerabilities
Indicators
- 4b16ea1b1273f8746cf399c71bfc1f5bff7378b5414b4ea044c55e0ee08c89d3
- 98.98.54.209
- 67.217.228.83
- 64.176.49.160
- 45.33.101.53
- 216.73.162.56
- 203.160.72.174
- 185.220.69.83
- 185.199.103.196
- 163.5.171.49
- 155.138.215.144
- 142.171.217.195
- 142.11.217.3
- 134.195.90.71
- 108.174.199.200
- 104.168.133.228
- 136.144.17.133
- 216.131.75.53
- 89.187.178.179
- 203.160.86.69
- 107.173.89.16
- 38.207.159.76
- 208.105.190.170
- 156.234.193.18
- 23.236.66.97
- 188.172.229.15
- cri07nnrg958pkh6qhk0yrgy1e76p1od6.oast.fun
- cri07nnrg958pkh6qhk0977u8c83jog6t.oast.fun
Attack Patterns
- T1556
- T1548
- T1552
- T1505
- T1564
- T1071
- T1595
- T1210
- T1219
- T1140
- T1190
- T1068
- T1059
- CVE-2025-0283
- CVE-2025-0282
- CVE-2024-9380
- CVE-2024-9381
- CVE-2024-9379
- CVE-2024-8963
- CVE-2024-8190