Remote Access Bypass Vulnerability in Ivanti CSA Before v5.0.2
CVE-2024-9381

7.2HIGH

Key Information:

Vendor: Ivanti
Status: Csa (cloud Services Appliance)
Vendor: CVE Published:; 8 October 2024

What is CVE-2024-9381?

A path traversal vulnerability exists in Ivanti's Cloud Services Appliance (CSA) prior to version 5.0.2 that allows remote authenticated attackers with admin privileges to bypass established restrictions. This flaw can be exploited to gain unauthorized access to secure files or directories, potentially leading to further system compromises. Administrators are advised to review access controls and apply updates promptly to mitigate potential risks associated with this vulnerability.

Affected Version(s)

CSA (Cloud Services Appliance) 5.0.2

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 30, 2024

JSON