Unrestricted Access: Path Traversal Vulnerability in Ivanti CSA
Key Information
- Vendor
- Ivanti
- Status
- Csa (cloud Services Appliance)
- Vendor
- CVE Published:
- 19 September 2024
Badges
Summary
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-8963 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.
Affected Version(s)
CSA (Cloud Services Appliance) <= 4.6 Patch 519
CSA (Cloud Services Appliance) >= 4.6 Patch 519
CSA (Cloud Services Appliance) >= 5.0
CVSS V3.1
Timeline
- 👾
Exploit exists.
Vulnerability published.
Vulnerability Reserved.