{"id":4223,"date":"2024-09-16T11:04:08","date_gmt":"2024-09-16T08:04:08","guid":{"rendered":"https:\/\/www.govcert.bg\/?p=4223"},"modified":"2024-09-16T13:11:56","modified_gmt":"2024-09-16T10:11:56","slug":"ivanti-%d0%bf%d1%83%d0%b1%d0%bb%d0%b8%d0%ba%d1%83%d0%b2%d0%b0-%d0%b0%d0%ba%d1%82%d1%83%d0%b0%d0%bb%d0%b8%d0%b7%d0%b0%d1%86%d0%b8%d1%8f-%d0%bd%d0%b0-%d0%b7%d0%b0%d1%89%d0%b8%d1%82%d0%b0%d1%82%d0%b0-3","status":"publish","type":"post","link":"https:\/\/www.govcert.bg\/en\/warnings\/ivanti-%d0%bf%d1%83%d0%b1%d0%bb%d0%b8%d0%ba%d1%83%d0%b2%d0%b0-%d0%b0%d0%ba%d1%82%d1%83%d0%b0%d0%bb%d0%b8%d0%b7%d0%b0%d1%86%d0%b8%d1%8f-%d0%bd%d0%b0-%d0%b7%d0%b0%d1%89%d0%b8%d1%82%d0%b0%d1%82%d0%b0-3\/","title":{"rendered":"Ivanti Releases Security Update for Cloud Services Appliance"},"content":{"rendered":"

Ivanti<\/a> has released a security update addressing an OS command injection vulnerability (CVE-2024-8190) affecting Ivanti Cloud Services Appliance (CSA) 4.6 (all versions before patch 519). A cyber threat actor could exploit this vulnerability to take control of an affected system.\u202f<\/p>\n

At this time, Ivanti has confirmed limited exploitation and urges its customers using the affected versions to upgrade to CSA version 5.0. Ivanti no longer supports CSA 4.6 (end-of-life).<\/p>\n

CERT Bulgaria<\/strong> recommends users and administrators review the guidance on eliminating OS command injections and the security advisory and apply the recommended updates:<\/p>\n