About the Vulnerability
Introduction
Ivanti Endpoint Manager (formerly known as LANDesk Management Suite) is a comprehensive endpoint management solution developed by Ivanti. It is primarily used to help businesses manage and secure various endpoint devices on their network, including desktop computers, laptops, mobile devices, and servers.
Summary
On December 11, 2024, Sangfor FarSight Labs received notification that a Ivanti Cloud Services Application (CSA) component contains information of Authentication Bypass Vulnerability(CVE-2024-11639), classified as critical in threat level.
A severe authentication bypass vulnerability exists in the management console of Ivanti Cloud Services Application (CSA), which could be exploited by unauthorized attackers to gain administrative privileges, leading to server compromise.
Additionally, Ivanti has disclosed two severe vulnerabilities, CVE-2024-11772 and CVE-2024-11773, that require administrative privileges. Attackers who have obtained administrative privileges can exploit these vulnerabilities to execute arbitrary commands or SQL statements.
Affected Versions
Ivanti Cloud Services Application (CSA) < 5.0.3
Solutions
Official Solution
The latest versions have been officially released to fix the vulnerability. Affected users are recommended to update the version to Ivanti Cloud Services Application (CSA) 5.0.3 and versions above.
Download link: https://forums.ivanti.com/s/article/CSA-5-0-Download?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1
Timeline
On December 11, 2024, Sangfor FarSight Labs received notification of Ivanti Cloud Services Application (CSA) Authentication Bypass Vulnerability.
On December 11, 2024, Sangfor FarSight Labs released a vulnerability alert.