Burning zero days: suspected nation-state adversary targets ivanti csa

Intel Name: Burning zero days: suspected nation-state adversary targets ivanti csa

Date of Scan: October 14, 2024

Impact: High

Summary:
On September 10, 2024, Ivanti announced the CVE-2024-8190 security advisory, revealing an authenticated command injection vulnerability in DateTimeTab.php, affecting CSA 4.6 and earlier versions. By September 13, the vulnerability was added to CISA’s Known Exploited Vulnerabilities list, and Ivanti updated their advisory, noting observed exploitation post-disclosure. On September 16, Horizon3.ai published details and proof of concept exploit code for CVE-2024-8190.

More Details