CVE-2024-8190 - Ivanti Cloud Services Appliance OS Command Injection Vulnerability
Project:Ivanti
Product:Cloud Services Appliance
Date Added:2024-09-13Due Date:2024-10-04
Vulnerability Name
Ivanti Cloud Services Appliance OS Command Injection Vulnerability
Description
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.
Additional Notes
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190
https://nvd.nist.gov/vuln/detail/CVE-2024-8190
Related News Articles
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell ToolApril 15, 2025
CISA: Ivanti Vulns Chained Together in Cyberattack OnslaughtJanuary 24, 2025
CISA: Hackers still exploiting older Ivanti bugs to breach networksJanuary 24, 2025
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)January 23, 2025
Ivanti warns of maximum severity CSA auth bypass vulnerabilityDecember 11, 2024