Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability

Added Oct. 9, 2024 • Due Oct. 30, 2024 • CVE-2024-9380

Overdue Ivanti / Cloud Services Appliance (CSA) CWE-77

Description

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

Required Action

As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line, or later, of supported solution.

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381
https://nvd.nist.gov/vuln/detail/CVE-2024-9380

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 7 months, 2 weeks ago