Unrestricted Access: Path Traversal Vulnerability in Ivanti CSA

CVE-2024-8963

9.4CRITICAL

Key Information

Vendor: Ivanti
Status: Csa (cloud Services Appliance)
Vendor: CVE Published:; 19 September 2024

Badges

👾 Exploit Exists

Summary

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-8963 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.

Affected Version(s)

CSA (Cloud Services Appliance) <= 4.6 Patch 519

CSA (Cloud Services Appliance) >= 4.6 Patch 519

CSA (Cloud Services Appliance) >= 5.0

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 20, 2024
Vulnerability published.
Sep 19, 2024
Vulnerability Reserved.
Sep 17, 2024

Collectors

Mitre DatabaseCISA Database