Home / Vulnerabilities / CVE-2024-8190
HIGH SEVERITY
CVE-2024-8190 Ivanti · Cloud Services Appliance

Ivanti Cloud Services Appliance OS Command Injection Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH
7.2 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

91.94 %
Predictive Probability
Percentile Rank
99.7 th

Documented as more likely to be exploited than 99.7% of known CVEs.

Detection Date

Sep 13, 2024

Remediation Due

Oct 04, 2024

CISA Catalog Active

Threat Analysis

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

Remediation Directive

As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.

External Intelligence

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190
NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2024-8190