PT-2024-7354 · Ivanti · Ivanti Cloud Services Appliance

Published: 2024-10-08 · Updated: 2025-07-18 · CVE-2024-9380

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Appliance (CSA) versions prior to 5.0.2
Description: An OS command injection vulnerability in the admin web console of Ivanti CSA allows a remote authenticated attacker with admin privileges to obtain remote code execution. The estimated number of potentially affected devices worldwide is not specified. This type of vulnerability is noted as a frequent attack vector for malicious cyber actors and poses significant risks. There are reports of this issue being actively exploited in the wild.
Recommendations: For Ivanti Cloud Services Appliance (CSA) versions prior to 5.0.2, upgrade to version 5.0.2 or later to prevent authenticated admins from executing remote code. As a temporary workaround, consider restricting access to the admin web console to minimize the risk of exploitation.

Fix

RCE

OS Command Injection

Command Injection


Weakness Enumeration

Related Identifiers

BDU:2024-08716
CVE-2024-9380

Affected Products

Ivanti Cloud Services Appliance