Remote Code Execution Vulnerability in Ivanti CSABefore Version 5.0.3

CVE-2024-11772

What is CVE-2024-11772?

A command injection vulnerability exists in the admin web console of Ivanti Cloud Services Application prior to version 5.0.3. This issue enables a remote authenticated attacker, who possesses administrative privileges, to execute arbitrary code on affected systems. As a result, attackers could exploit this vulnerability to gain unauthorized access or control over sensitive data and processes, potentially leading to severe security breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

News Articles

The Hacker News

CVE-2024-11639CVE-2024-11772

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Ivanti releases patches for critical flaws in CSA and Connect Secure, addressing privilege escalation and code execution risks.

References