CVE-2024-8963 - Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability
Project:Ivanti
Product:Cloud Services Appliance (CSA)
Date Added:2024-09-19Due Date:2024-10-10
Vulnerability Name
Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability
Description
Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.
Additional Notes
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963
https://nvd.nist.gov/vuln/detail/CVE-2024-8963
Related News Articles
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell ToolApril 15, 2025
CISA: Ivanti Vulns Chained Together in Cyberattack OnslaughtJanuary 24, 2025
CISA: Hackers still exploiting older Ivanti bugs to breach networksJanuary 24, 2025
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)January 23, 2025
Ivanti warns of maximum severity CSA auth bypass vulnerabilityDecember 11, 2024