Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
ID: 2cc69d48-66a4-5933-9dd6-f5ba43995e7b
STIX ID: report--2cc69d48-66a4-5933-9dd6-f5ba43995e7b
Feed Name: CISA Cybersecurity Advisories
CISA and the FBI released a joint advisory describing active exploitation of multiple Ivanti Cloud Service Appliance vulnerabilities (including zero-days) in September–October 2024. Threat actors chained an administrative bypass, SQL injection, and remote code execution flaws to obtain credentials, deploy webshells, and in at least one case move laterally; the advisory includes detailed exploit chains, IOCs, MITRE ATT&CK mappings, victim detection narratives, and remediation/mitigation guidance (notably upgrading EOL Ivanti CSA 4.6 systems).
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.