June 4, 2026

CVE Watchtower


← Back to CVE List

CVE-2024-9380NVD

Vulnerability Summary

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
Severity Level
HIGH(7.2)
Published Date
Oct 8, 2024
Last Modified
Oct 10, 2024
Exploitation Status
ACTIVE
Weakness (CWE)
CWE-77 β†—
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

External References