
Date of Disclosure: September 19, 2024

CVE-ID and CVSS Score: CVE-2024-8963 is a critical vulnerability with a CVSS score of 9.4.
Issue Name and Description: Ivanti Cloud Services Appliance (CSA)

If successfully exploited, it allows a remote unauthenticated attacker to achieve restricted access. As noted in Ivanti’s security advisory, if chained with CVE-2024-8190 (OS command injection), an attacker can gain admin privileges and achieve RCE.


Censys Perspective

At the time of writing, Censys observes 2,017 exposed Ivanti CSA instances online, mostly concentrated in the U.S. Not all of these are necessarily vulnerable, because specific device versions are not available. This vulnerability affects CSA versions 4.6.0 and earlier.


To identify potentially exposed Ivanti Cloud Services Appliance instances, the following Censys queries can be used:

  • Censys Search Query: services.http.response.html_title=`Ivanti(R) Cloud Services Appliance`
  • Censys ASM Query: host.services.http.response.html_title=`Ivanti(R) Cloud Services Appliance` or web_entity.instances.http.response.html_title=`Ivanti(R) Cloud Services Appliance`
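
To turn results from the queries above into a patch list for your own estate, the following added example (not Censys or Ivanti code) filters host records by the exact page title and keeps only addresses inside networks you own. The record layout mirrors the query path `services.http.response.html_title`; the `ip` and `port` keys, the function name and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Exact title string taken from the Censys queries above.
CSA_TITLE = "Ivanti(R) Cloud Services Appliance"

def find_owned_csa(hosts, owned_cidrs):
    """Return sorted (ip, port) pairs whose HTTP title matches the CSA
    login page and whose address falls inside one of owned_cidrs.
    A match means "exposed", not "vulnerable": the version is not visible."""
    nets = [ipaddress.ip_network(c) for c in owned_cidrs]
    hits = set()
    for host in hosts:
        try:
            addr = ipaddress.ip_address(host.get("ip", ""))
        except ValueError:
            continue  # skip malformed records instead of aborting the run
        if not any(addr.version == n.version and addr in n for n in nets):
            continue  # not ours: out of scope for this patch list
        for svc in host.get("services") or []:
            # Non-HTTP services have no http.response block; treat as no title.
            resp = (svc.get("http") or {}).get("response") or {}
            if resp.get("html_title") == CSA_TITLE:
                hits.add((addr, svc.get("port")))
    ordered = sorted(hits, key=lambda h: (h[0].version, int(h[0]), h[1] or 0))
    return [(str(a), p) for a, p in ordered]

def _svc(port, title):
    # Helper that builds one constructed HTTP service record.
    return {"port": port, "http": {"response": {"html_title": title}}}

# Constructed sample records using documentation-only address ranges.
SAMPLE_HOSTS = [
    {"ip": "192.0.2.10", "services": [_svc(443, CSA_TITLE), {"port": 22}]},
    {"ip": "192.0.2.77", "services": [_svc(443, "Welcome")]},
    {"ip": "203.0.113.5", "services": [_svc(443, CSA_TITLE)]},
    {"ip": "198.51.100.9", "services": [_svc(8443, CSA_TITLE)]},
]
OWNED_CIDRS = ["192.0.2.0/24", "198.51.100.0/24"]  # assumed asset inventory

if __name__ == "__main__":
    for ip, port in find_owned_csa(SAMPLE_HOSTS, OWNED_CIDRS):
        print(f"{ip}:{port} exposes a CSA login page; confirm version and patch")
```

Each address it returns still needs its CSA version checked on the appliance itself, since the title match alone does not show whether the instance is at an affected version.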

References

  1. https://www.cve.org/CVERecord?id=CVE-2024-8963
  2. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US
  3. https://www.cisa.gov/news-events/alerts/2024/09/19/ivanti-releases-admin-bypass-security-update-cloud-services-appliance
  4. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US&_gl=1*11u91ls*_gcl_au*OTI3NTYxOTczLjE3MjIyOTAxMjk.