Explore the leading Internet Intelligence Platform for Threat Hunting and Attack Surface Management.
Discover how to empower your security teams to defend attack surfaces and hunt for threats.
See how Censys empowers security teams across industries.
Explore Censys thought leadership on threat hunting, attack surface management, and industry trends.
Learn more about the Censys mission and the talented team behind it.
Date of Disclosure: September 19, 2024
CVE-2024-8963 is a critical vulnerability affecting Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 519 and earlier, with a CVSS score of 9.4.
If successfully exploited it allows a remote unauthenticated attacker to achieve restricted access. As noted in Ivanti’s security advisory, if chained with CVE-2024-8190 (OS command injection) an attacker can gain admin privileges and achieve RCE.
CVE-2024-8190 – CVSS 7.2 (High)
Not currently in CISA KEV.
At the time of writing, Censys observes 2,017 exposed Ivanti CSA instances online, mostly concentrated in the U.S. Note that not all of these are necessarily vulnerable – as specific device versions are not available. This vulnerability affects CSA versions 4.6.0 and earlier.
To identify exposed Ivanti Cloud Services Appliance instances, the following Censys queries can be used:
Censys Search Query:
services.http.response.html_title=`Ivanti(R) Cloud Services Appliance`
Censys ASM Query:
host.services.http.response.html_title=`Ivanti(R) Cloud Services Appliance` or web_entity.instances.http.response.html_title=`Ivanti(R) Cloud Services Appliance`
