{"uuid": "3651b195-292d-4150-b4a3-186bbc6fa128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA", "description": "# Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA | FortiGuard Labs\n\nReference: [https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa](https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa)\n\nAffected Platforms: Ivanti Cloud Services Appliance version 4.6 and prior\nImpacted Users: Any organization\nImpact: Remote attackers gain control of the vulnerable systems\nSeverity Level: Critical\n\nToday FortiGuard Labs is releasing this blog post about a case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). At the time of our investigation, two out of the three identified vulnerabilities were not publicly known. This incident is a prime example of how threat actors chain zero-day vulnerabilities to gain initial access to a victim\u2019s network.\n\n## Background\n\nIn a recent incident response engagement, FortiGuard Incident Response (FGIR) services were engaged by a customer to investigate malicious communication originating from their network. During the investigation, FGIR came across an adversary who had gained access to the customer\u2019s network by exploiting CVE-2024-8190 and two previously unknown vulnerabilities affecting the PHP front end of the Ivanti CSA appliance.\n", "creation_timestamp": "2024-10-21T08:27:33.229801+00:00", "timestamp": "2024-10-21T08:27:33.229801+00:00", "related_vulnerabilities": ["CVE-2024-29824", "CVE-2024-9380", "CVE-2024-8190", "CVE-2024-8963"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}
