
Ivanti has issued a security advisory regarding critical vulnerabilities in its Cloud Services Application (CSA). The vulnerabilities, identified as CVE-2024-47908 and CVE-2024-11771, could allow attackers to achieve remote code execution and gain unauthorized access to sensitive data.
CVE-2024-47908 is a critical vulnerability (CVSS score 9.1) stemming from an OS command injection flaw in the admin web console of Ivanti CSA. This vulnerability allows a remote authenticated attacker with admin privileges to execute arbitrary code on the vulnerable system.
CVE-2024-11771 is a medium severity vulnerability (CVSS score 5.3) caused by a path traversal issue. This flaw could allow a remote unauthenticated attacker to access restricted functionality and potentially retrieve sensitive information.
Ivanti has addressed these vulnerabilities in CSA version 5.0.5 and strongly urges all customers to update their systems immediately. The advisory states, “Customers running CSA 5.0.4 and prior should update to CSA 5.0.5.”
Customers can download the latest version from the Ivanti Download Portal. Ivanti has also published instructions on how to update to the latest version.
At the time of disclosure, Ivanti was not aware of any active exploits targeting these vulnerabilities. However, given the severity of the flaws, it is crucial for users to take immediate action and update their systems to prevent potential attacks.