CVE-2024-9380
HIGH
Published 2024-10-08T16:23:49.949Z
Actions:
CVSS Score
V3.1
7.2
/10
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score
v2023.03.01
0.043
probability
of exploitation in the wild
There is a 4.3% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-01-25
Exploit Probability
Percentile: 0.923
Higher than 92.3% of all CVEs
Attack Vector Metrics
Impact Metrics
Description
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
Affected Versions:
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild
Remediation Status
Overdue
Due Date
October 30, 2024
Added to KEV
October 9, 2024
Required Action
As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line, or later, of supported solution.
Affected Product
Vendor/Project:
Ivanti
Product:
Cloud Services Appliance (CSA)
Ransomware Risk
Known Ransomware Use
KEV Catalog Version: 2025.01.24
Released: January 24, 2025
Published: 2024-10-08T16:23:49.949Z
Last Modified: 2024-10-10T13:49:33.688Z
Copied to clipboard!