CVE-2024-8190

2024-09-1021:15:14

CWE-78

ivanti

web.nvd.nist.gov

In Wild

ivanti cloud services appliance

command injection

remote code execution

admin privileges

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.151

Percentile

95.9%

JSON

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

Affected configurations

Nvd

Node

ivanticloud_services_applianceMatch4.6-

ivanticloud_services_applianceMatch4.6patch_518

VendorProductVersionCPE
ivanticloud_services_appliance4.6cpe:2.3:a:ivanti:cloud_services_appliance:4.6:-:*:*:*:*:*:*
ivanticloud_services_appliance4.6cpe:2.3:a:ivanti:cloud_services_appliance:4.6:patch_518:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	cloud_services_appliance	4.6	cpe:2.3:a:ivanti:cloud_services_appliance:4.6:-::::::
ivanti	cloud_services_appliance	4.6	cpe:2.3:a:ivanti:cloud_services_appliance:4.6:patch_518::::::

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "CSA (Cloud Services Appliance)",
    "vendor": "Ivanti",
    "versions": [
      {
        "status": "unaffected",
        "version": "4.6 Patch 519",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.0",
        "versionType": "custom"
      }
    ]
  }
]