136863 author: screaminggoat@infosec.exchange 23 Dec 23:36
tags: #activeexploitation #cve #cybersecurity #eitw #infosec #patchtuesday #poc #proofofconcept #vulnerability #zeroday

Merry Christmas from the goat: Vendor Verbiage is a list of common example messages used by software vendors to note that a vulnerability is publicly disclosed or exploited in the wild. This should come in handy when quickly scanning through security advisories on Patch Tuesday. Enjoy!

76340 author: screaminggoat@infosec.exchange 09 Oct 2024 18:40
tags: #activeexploitation #cloudservicesappliance #cve #eitw #ivanti #ivanticsa #patchtuesday #vulnerability #zeroday
to: https://infosec.exchange/users/cR0w https://infosec.exchange/users/reverseics

Ivanti Security Advisory: Ivanti CSA (Cloud Services Application) (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
Very sneaky of Ivanti to quietly update the security advisory without a changelog: They removed CVE-2024-9381 (CVSSv3: 7.2 high) Path traversal in Ivanti CSA before version 5.0.2 from the exploitation announcement:

We have observed limited exploitation of CSA 4.6 when CVE-2024-9379 or CVE-2024-9380 are chained with CVE-2024-8963, present in CSA 4.6 patch 518 and below, it could lead to unauthenticated remote code execution. We have not observed these vulnerabilities being exploited in CSA 5.0.

See parent toot above for the original wording. cc: @cR0w @reverseics

76339 author: screaminggoat@infosec.exchange 08 Oct 2024 14:43
tags: #activeexploitation #eitw #ivanti #patchtuesday #vulnerability #zeroday
to: https://infosec.exchange/users/cR0w https://infosec.exchange/users/reverseics

Happy EXPLOITED ZERO-DAY #PatchTuesday from Ivanti: October Security Update

We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963.