PT-2024-9374 · Ivanti · Ivanti Csa

Published

2024-12-10

Updated

2025-01-17

CVE-2024-11772

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Ivanti CSA versions prior to 5.0.3

Description: The issue is related to command injection in the admin web console of Ivanti CSA, allowing a remote authenticated attacker with admin privileges to achieve remote code execution. This is due to inadequate data cleaning at the management level.

Recommendations: For versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin web console to minimize the risk of exploitation.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2024-11064

CVE-2024-11772

Affected Products

Ivanti Csa

PT-2024-9374 · Ivanti · Ivanti Csa

CVE-2024-11772

Weakness Enumeration

Related Identifiers

Affected Products

References · 15