CVE-2024-8963NVD

Vulnerability Summary

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

Severity Level

CRITICAL(9.4)

Published Date

Sep 19, 2024

Last Modified

Sep 20, 2024

Exploitation Status

ACTIVE

Root Weakness (CWE)

CWE-22: Path Traversal ↗

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityLow

External References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963