Exploit Chain - Geek Feed

CISA: Hackers still exploiting older Ivanti bugs to breach networks

January 24, 2025January 24, 2025 geekfeed0Tagged Actively Exploited, CISA, exploit, Exploit Chain, FBI, Ivanti, Ivanti Cloud Service Appliances, Warning

CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks. The vulnerabilities chained in these attacks include CVE-2024-8963 (an admin authentication bypass patched in September) and CVE-2024-8190 (a remote code execution bug patched the same month). Two other bugs, CVE-2024-9379 (an SQL […]

3 mins read

Palo Alto Networks warns of firewall hijack bugs with public exploit

October 10, 2024October 10, 2024 geekfeed0Tagged Command Injection, Cross-site scripting, Expedition, exploit, Exploit Chain, Firewall, Palo Alto Networks, poc, Proof of Concept, SQL Injection

Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. The flaws were found in Palo Alto Networks’ Expedition solution, which helps migrate configurations from other Checkpoint, Cisco, or supported vendors. They can be exploited to access sensitive data, such as […]

2 mins read

Ivanti warns of another critical CSA flaw exploited in attacks

September 20, 2024September 20, 2024 geekfeed0Tagged Actively Exploited, Cloud Services Appliance, Exploit Chain, Ivanti, Ivanti CSA, Path Traversal

Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. Tracked as CVE-2024-8963, this admin bypass vulnerability is caused by a path traversal weakness. Successful exploitation allows remote unauthenticated attackers to access restricted functionality on vulnerable CSA systems (used as gateways to provide enterprise users secure […]

3 mins read