CVE-2024-8190
Ivanti Cloud Services Appliance OS Command Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
89.0%
p100
KEV
SÍ
13 sept 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Ivanti / Cloud Services Appliance
Vulnerabilidad
Ivanti Cloud Services Appliance OS Command Injection Vulnerability
Añadido a KEV
13 sept 2024
Remediar antes de
4 oct 2024
Uso conocido en ransomware
No
Descripción resumida
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Acción requerida
As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.
Notas
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190; https://nvd.nist.gov/vuln/detail/CVE-2024-8190
Sin CVEs relacionados por CWE o producto.