Remote Code Execution Vulnerability in Ivanti CSA Before Version 5.0.3
CVE-2024-11772

7.2 HIGH

Key Information:

Vendor: Ivanti
CVE Published: 10 December 2024

Badges

📰 News Worthy

Summary

A command injection vulnerability exists in the admin web console of Ivanti Cloud Services Application prior to version 5.0.3. This issue enables a remote authenticated attacker, who possesses administrative privileges, to execute arbitrary code on affected systems. As a result, attackers could exploit this vulnerability to gain unauthorized access or control over sensitive data and processes, potentially leading to severe security breaches.

Affected Version(s)

Cloud Services Application 5.0.3

News Articles

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Ivanti releases patches for critical flaws in CSA and Connect Secure, addressing privilege escalation and code execution risks.

1 month ago

References

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved
