CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-9380

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.83

EPSS Ranking 99.2%

CVSS Severity

CVSS v3 Score 7.2

Proposed Action

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

Ransomware Campaign

Unknown

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381

Products affected by CVE-2024-9380

Ivanti » Endpoint Manager Cloud Services Appliance » Version: 4.5

cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.5
Ivanti » Endpoint Manager Cloud Services Appliance » Version: 4.6

cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-9380

Products

Pricing

Contact Us