CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
AI Score
Confidence
High
The version of Ivanti Endpoint Manager Cloud Services Appliance running on the remote host is prior to 4.6 Patch 519. It is, therefore, affected by multiple vulnerabilities:
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability. CVE-2024-8190)
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. (CVE-2024-8963)
Note that Nessus has not tested for these issues but has instead relied only on the service’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(207345);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/18");
script_cve_id("CVE-2024-8190");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/10/04");
script_name(english:"Ivanti Endpoint Manager - Cloud Service Appliance < 4.6-519 / 5.0 Command Injection");
script_set_attribute(attribute:"synopsis", value:
"The instance of Ivanti Endpoint Manager Cloud Services Appliance running on the remote host is affected by command
injection vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Ivanti Endpoint Manager Cloud Services Appliance running on the remote host is prior to 4.6.0-519.
It is, therefore, affected by an command injection vulnerability. An unauthenticated, remote user can execute arbitrary
code. The attacker must have admin level privileges to exploit this vulnerability.
Note that Nessus has not tested for these issues but has instead relied only on the service's self-reported version
number.");
# https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c5414a7a");
script_set_attribute(attribute:"solution", value:
"Update to Ivanti Endpoint Manager Cloud Services Appliance 4.6.0-519 or later");
script_set_attribute(attribute:"agent", value:"windows");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-8190");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/09/10");
script_set_attribute(attribute:"patch_publication_date", value:"2024/09/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/17");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ivanti:endpoint_manager_cloud_services_appliance");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ivanti_endpoint_manager_csa_web_detect.nbin");
script_require_keys("installed_sw/Ivanti Endpoint Manager Cloud Services Appliance");
script_require_ports("Services/www", 443);
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var port = get_http_port(default:443);
var app_info = vcf::ivanti_csa::get_app_info(app:'Ivanti Endpoint Manager Cloud Services Appliance', win_local:TRUE, port:port);
var constraints = [
{ 'fixed_version':'4.6.0.519', 'fixed_display':'4.6.0.519 / 5.0'}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
AI Score
Confidence
High