Advisory

December 26 Advisory: Max Severity Vulnerability in Ivanti Cloud Services Appliance [CVE-2024-11639]

Date of Disclosure (source): December 10, 2024

CVE-2024-11639 is an authentication bypass vulnerability in the admin web console of Ivanti Cloud Services Appliance (CSA) versions prior to 5.0.3, which can allow a remote, unauthenticated attacker to gain administrative access. Ivanti assigned this vulnerability the maximum CVSS score of 10.0.

According to Ivanti’s advisory, there is no known active exploitation of this vulnerability prior to its public disclosure, and no public exploits are currently available. As a result, Ivanti has not provided any specific indicators of compromise for CVE-2024-11639.

In the same advisory, Ivanti also disclosed two additional CSA vulnerabilities: CVE-2024-11772 and CVE-2024-11773. Although Ivanti has released few technical details on these issues or their potential impact, it is advising customers to review the advisory and apply any recommended updates or mitigations for all three vulnerabilities (CVE-2024-11639, CVE-2024-11772, and CVE-2024-11773) as soon as possible.


CVE-ID: CVE-2024-11639 – CVSS 10.0 (critical) – assigned by Ivanti

Vulnerability Description: An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access.

Date of Disclosure: December 10, 2024

Affected Assets: Admin web console of Ivanti CSA

Vulnerable Software Versions: Before 5.0.3

PoC Available?: While not an exploit, OstorLab shared code that can be used to check whether an application is vulnerable to CVE-2024-11639.

Exploitation Status: At the time of writing, CVE-2024-11639 did not appear on CISA KEV and was not observed in GreyNoise.

Patch Status: Ivanti has urged customers to upgrade to CSA version 5.0.3. Additional context is provided in a security advisory released by Ivanti.

Censys Perspective

At the time of writing, Censys observed 856 exposed Ivanti CSA instances. A large proportion of these (43%) are geolocated in the United States. Note that not all observed instances are necessarily vulnerable, because specific version information is not available for them.

[Map: Exposed Ivanti CSA Instances]

Censys Search Query:

services.software: (vendor="Ivanti" and product="Cloud Services Appliance")

Censys ASM Query:

host.services.software.vendor="Ivanti" and host.services.software.product="Cloud Services Appliance"
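Because exposure counts like the ones above cannot distinguish patched from unpatched appliances without a version string, a defender triaging an export of exposed hosts still has to sort each record into vulnerable (before 5.0.3), patched, or unknown. The following helper is an added example and is not Censys' or Ivanti's code; it assumes a simplified, constructed list of host records (IP, country, and an optional version string) rather than the actual Censys result format, and uses 5.0.3 as the first fixed release, as stated in the advisory.

```python
"""Triage helper for Ivanti CSA exposure data (CVE-2024-11639).

Added example, not Censys' or Ivanti's code. Records are assumed to be
dicts with 'ip', 'country' and an optional 'version' string; the sample
below is constructed and uses documentation-only IP ranges.
"""
import re

# First release that fixes CVE-2024-11639, per Ivanti's advisory.
FIXED_VERSION = (5, 0, 3)

# Constructed sample export: mixes patched, unpatched and unknown-version hosts.
SAMPLE_HOSTS = [
    {"ip": "192.0.2.10", "country": "US", "version": "5.0.2"},
    {"ip": "192.0.2.11", "country": "US", "version": "5.0.3"},
    {"ip": "198.51.100.5", "country": "DE", "version": "4.6.0-512"},
    {"ip": "198.51.100.6", "country": "US", "version": None},
    {"ip": "203.0.113.7", "country": "GB", "version": "5.1.0"},
    {"ip": "203.0.113.8", "country": "FR"},
    {"ip": "203.0.113.9", "country": "US", "version": "unknown"},
]


def parse_version(text):
    """Turn '5.0.2' or '4.6.0-512' into a comparable (major, minor, patch) tuple.

    Returns None when the string carries no usable version, so the caller
    can treat the host as 'unknown' instead of silently marking it patched.
    """
    if not text:
        return None
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(record):
    """Return 'vulnerable' (< 5.0.3), 'patched' (>= 5.0.3) or 'unknown'."""
    version = parse_version(record.get("version"))
    if version is None:
        return "unknown"
    return "vulnerable" if version < FIXED_VERSION else "patched"


def triage(records):
    """Summarise an export: counts by patch status and by country.

    'country_share' is each country's fraction of all observed hosts, the
    same kind of figure as the 43% United States share quoted above.
    """
    by_status = {"vulnerable": 0, "patched": 0, "unknown": 0}
    by_country = {}
    for rec in records:
        by_status[classify(rec)] += 1
        country = rec.get("country", "??")
        by_country[country] = by_country.get(country, 0) + 1
    total = len(records)
    share = {c: n / total for c, n in by_country.items()} if total else {}
    return {
        "total": total,
        "by_status": by_status,
        "by_country": by_country,
        "country_share": share,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_HOSTS)
    print(f"total exposed: {summary['total']}")
    for status, n in summary["by_status"].items():
        print(f"  {status:<10} {n}")
    for country, frac in sorted(summary["country_share"].items()):
        print(f"  {country}: {frac:.0%}")
```

The point of the three-way split is the 'unknown' bucket: a host without a parsable version must not be counted as patched, which is exactly why the exposure numbers in this advisory are an upper bound on vulnerable instances rather than a vulnerability count.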
