CVE-2024-9380
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
62.8%
p99
KEV
YES
Oct 9, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Ivanti / Cloud Services Appliance (CSA)
Vulnerability
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
Added to KEV
Oct 9, 2024
Remediate by
Oct 30, 2024
Known ransomware use
No
Summary description
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Required action
As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line, or later, of supported solution.
Notes
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9380