Date of Disclosure: September 19, 2024
CVE-2024-8963 is a critical vulnerability affecting Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 519 and earlier, with a CVSS score of 9.4.
If successfully exploited, it allows a remote unauthenticated attacker to achieve restricted access. As noted in Ivanti’s security advisory, if chained with CVE-2024-8190 (OS command injection), an attacker can gain admin privileges and achieve RCE.
| CVE-ID | CVE-2024-8963 – CVSS 9.4 (Critical); CVE-2024-8190 – CVSS 7.2 (High) |
| Date of Disclosure | September 19, 2024 |
| Affected Assets | Ivanti Cloud Services Appliance (CSA) is a tool for virtual remote access. |
| Vulnerable Versions | Ivanti CSA 4.6.0 and earlier (all versions before Patch 519) |
| PoC Available? | No |
| Exploitation Status | Ivanti noted limited exploitation reports among customers. Not currently in CISA KEV. |
| Patch Status | Ivanti CSA Version 4.6 Patch 519. However, note that version 4.6 is EOL, and customers are recommended to update to version 5.0 or later for continued support. |
Censys Perspective
At the time of writing, Censys observes 2,017 exposed Ivanti CSA instances online, mostly concentrated in the U.S. Note that not all of these are necessarily vulnerable, as specific device versions are not available. This vulnerability affects CSA versions 4.6.0 and earlier.
To identify exposed Ivanti Cloud Services Appliance instances, the following Censys queries can be used:
services.http.response.html_title=`Ivanti(R) Cloud Services Appliance`
host.services.http.response.html_title=`Ivanti(R) Cloud Services Appliance` or web_entity.instances.http.response.html_title=`Ivanti(R) Cloud Services Appliance`
References
- https://www.cve.org/CVERecord?id=CVE-2024-8963
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US
- https://www.cisa.gov/news-events/alerts/2024/09/19/ivanti-releases-admin-bypass-security-update-cloud-services-appliance
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US

