RCE in Ivanti Csa (Cloud Services Appliance)
CVE-2024-8190
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit thi…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.919 (99.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Ivanti Csa (Cloud Services Appliance) — versions 4.6 Patch 519, 5.0
Weakness classification (CWE)
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2024-8190?
- CVE-2024-8190 is a high-severity vulnerability in Ivanti Csa (Cloud Services Appliance), classified under OS Command Injection. CVSS score: 7.2/10. Published 2024-09-10.
- How severe is CVE-2024-8190?
- High severity. CVSS v3 base score is 7.2 out of 10.
- Is CVE-2024-8190 known to be exploited?
- Yes. CVE-2024-8190 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-09-13), indicating it is being actively exploited. 23 public proof-of-concept repositories are indexed.