Unrestricted Access: Path Traversal Vulnerability in Ivanti CSA

CVE-2024-8963

9.1CRITICAL

Key Information

Vendor: Ivanti
Status: Csa (cloud Services Appliance)
Vendor: CVE Published:; 19 September 2024

Badges

👾 Exploit Exists🟣 EPSS 96%📰 News Worthy

Summary

CVE-2024-8963 is a critical path traversal vulnerability in Ivanti CSA that allows a remote unauthenticated attacker to access restricted functionality. This issue affects Ivanti CSA version 4.6 before Patch 519 and can be chained with a separate command injection flaw to execute commands with admin privileges. Ivanti has released a fix for this vulnerability and has issued an advisory urging customers to apply the patch as soon as possible. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerability (KEV) catalog, and they are instructing federal agencies to address it by October 10. There is an unspecified number of known exploits but no information on known exploitation by ransomware groups. This vulnerability is part of a larger trend of path traversal flaws affecting IT vendors and underscores the critical need for secure-by-design development practices in the software industry.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-8963 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.

Affected Version(s)

CSA (Cloud Services Appliance) <= 4.6 Patch 519

CSA (Cloud Services Appliance) >= 4.6 Patch 519

CSA (Cloud Services Appliance) >= 5.0

News Articles

CVE-2024-8963

CISA demands govt patches exploited Fortinet, Ivanti bugs

The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in its Known Exploited Vulnerabilities (KEV)...

1 month ago

CVE-2024-8963

3 More Ivanti Cloud Vulns Exploited in the Wild

The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor's Cloud Services Appliance (CSA).

1 month ago

TechTarget

CVE-2024-8963CVE-2024-9379

Ivanti zero-day vulnerabilities exploited in chained attack | TechT...

A limited number of Ivanti Cloud Service Application customers have been attacked in exploit chains containing zero-day vulnerabilities.

1 month ago

EPSS Score

96% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 22, 2024
Risk change from: 9.1 to: 9.4 - (CRITICAL)
Sep 21, 2024
First article discovered by SecurityWeek
Sep 20, 2024
Vulnerability published.
Sep 19, 2024
Vulnerability Reserved.
Sep 17, 2024

Collectors

NVD DatabaseMitre DatabaseCISA Database9 News Article(s)