Cyber999 Advisories

1.0 Introduction

Recently, Ivanti released security updates to address multiple vulnerabilities in Ivanti Endpoint Manager, Cloud Service Application 4.6, and Workspace Control.

2.0 Impact

A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

• Ivanti Endpoint Manager version 2024, 2022 SU5 and earlier
• Ivanti Cloud Service Application 4.6 (all versions before Patch 519)
• Ivanti Workspace Control version 10.18.0.0 and below

4.0 Recommendations

CyberSecurity Malaysia encourages users and administrators to review Ivanti Security Release for more information and apply the necessary updates.

Kindly refer to the following URLs for more information:

• Ivanti Endpoint Manager: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?_gl=1*6frqvp*_gcl_au*MTIzMDUyNTU2My4xNzE4ODgyNzE0
• Ivanti Cloud Service Application 4.6: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?_gl=1*6frqvp*_gcl_au*MTIzMDUyNTU2My4xNzE4ODgyNzE0
• Ivanti Workspace Control: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC?_gl=1*l8bxjy*_gcl_au*MTIzMDUyNTU2My4xNzE4ODgyNzE0

Generally, Cyber999 advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:

E-mail: cyber999[at]cybersecurity.my 

Phone: 1-300-88-2999 (monitored during business hours)  

Mobile: +60 19 2665850 (24x7 call incident reporting) 

Business Hours: Mon - Fri 08:30 -17:30 MYT 

Web: https://www.mycert.org.my 

5.0 References

• https://www.ivanti.com/blog/topics/security-advisory
• https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC?_gl=1*l8bxjy*_gcl_au*MTIzMDUyNTU2My4xNzE4ODgyNzE0
• https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?_gl=1*6frqvp*_gcl_au*MTIzMDUyNTU2My4xNzE4ODgyNzE0
• https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?_gl=1*6frqvp*_gcl_au*MTIzMDUyNTU2My4xNzE4ODgyNzE0
• https://www.cisa.gov/news-events/alerts/2024/09/10/ivanti-releases-security-updates-endpoint-manager-cloud-service-application-and-workspace-control