Skip to content
Analyst Insight: Download your copy of the Gartner® Hype Cycle™ for Security Operations, 2024 Report today! | Get Report
Advisory

Ivanti Cloud Services Appliance (CSA) Unauthenticated Remote Code Execution Vulnerability [CVE-2024-8963 and CVE-2024-8190]

Date of Disclosure: September 19, 2024

CVE-2024-8963 is a critical vulnerability affecting Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 519 and earlier, with a CVSS score of 9.4.

If successfully exploited it allows a remote unauthenticated attacker to achieve restricted access. As noted in Ivanti’s security advisory, if chained with CVE-2024-8190 (OS command injection) an attacker can gain admin privileges and achieve RCE.

 

CVE-ID CVE-2024-8963 – CVSS 9.4 (Critical)

CVE-2024-8190 – CVSS 7.2 (High)

Date of Disclosure September 19, 2024
Affected Assets Ivanti Cloud Services Appliance (CSA) is tool for virtual remote access.
Vulnerable Versions Ivanti CSA 4.6.0 and earlier (all versions before Patch 519)
PoC Available? No
Exploitation Status Ivanti noted limited exploitation reports among customers.

Not currently in CISA KEV.

Patch Status Ivanti CSA Version 4.6 Patch 519– however note that version 4.6 is EOL, and customers are recommended to update to version 5.0 or later for continued support.

Censys Perspective

At the time of writing, Censys observes 2,017 exposed Ivanti CSA instances online, mostly concentrated in the U.S. Note that not all of these are necessarily vulnerable – as specific device versions are not available. This vulnerability affects CSA versions 4.6.0 and earlier.

To identify exposed Ivanti Cloud Services Appliance instances, the following Censys queries can be used:

Censys Search Query:

services.http.response.html_title=`Ivanti(R) Cloud Services Appliance`

Censys ASM Query:

host.services.http.response.html_title=`Ivanti(R) Cloud Services Appliance` or web_entity.instances.http.response.html_title=`Ivanti(R) Cloud Services Appliance`

References

  1. https://www.cve.org/CVERecord?id=CVE-2024-8963
  2. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US
  3. https://www.cisa.gov/news-events/alerts/2024/09/19/ivanti-releases-admin-bypass-security-update-cloud-services-appliance
  4. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US&_gl=1*11u91ls*_gcl_au*OTI3NTYxOTczLjE3MjIyOTAxMjk.

 

Attack Surface Management Solutions
Learn more