CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-8190

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.93

EPSS Ranking 99.8%

CVSS Severity

CVSS v3 Score 7.2

Proposed Action

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

Ransomware Campaign

Unknown

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190
https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance

Products affected by CVE-2024-8190

Ivanti » Cloud Services Appliance » Version: 4.6

cpe:2.3:a:ivanti:cloud_services_appliance:4.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8190

Products

Pricing

Contact Us