PT-2025-6238 · Ivanti · Ivanti Csa

Published: 2025-02-11 · Updated: 2025-07-14 · CVE-2024-11771

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ivanti CSA versions prior to 5.0.5

Description

The issue allows a remote unauthenticated attacker to access restricted functionality due to path traversal. There is also a mention of OS command injection in the admin web console, which can allow a remote authenticated attacker with admin privileges to achieve remote code execution.

Recommendations

For versions prior to 5.0.5, update to version 5.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin web console and limiting privileges to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-11771

Affected Products

Ivanti Csa