About the Vulnerability

Introduction

Ivanti Endpoint Manager (formerly known as LANDesk Management Suite) is a comprehensive endpoint management solution developed by Ivanti. It is primarily used to help businesses manage and secure various endpoint devices on their network, including desktop computers, laptops, mobile devices, and servers.

Summary

On December 11, 2024, Sangfor FarSight Labs received notification of an authentication bypass vulnerability (CVE-2024-11639) in the Ivanti Cloud Services Application (CSA) component, classified as critical in threat level.

A severe authentication bypass vulnerability exists in the management console of Ivanti Cloud Services Application (CSA), which could be exploited by unauthorized attackers to gain administrative privileges, leading to server compromise.

Additionally, Ivanti has disclosed two severe vulnerabilities, CVE-2024-11772 and CVE-2024-11773, that require administrative privileges. Attackers who have obtained administrative privileges can exploit these vulnerabilities to execute arbitrary commands or SQL statements.

Affected Versions

Ivanti Cloud Services Application (CSA) < 5.0.3

Solutions

Official Solution

A fixed version has been officially released. Affected users are advised to update to Ivanti Cloud Services Application (CSA) 5.0.3 or later.

Download link: https://forums.ivanti.com/s/article/CSA-5-0-Download?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1

Timeline

On December 11, 2024, Sangfor FarSight Labs received notification of the Ivanti Cloud Services Application (CSA) authentication bypass vulnerability.

On December 11, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US
