Vulnerability Details
Basic Information
| Title | Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771) |
|---|---|
| Type | ivanti |
| Published | 2025-11-02T15:00:07 |
| Last Seen | 2025-04-26T23:47:01 |
| CVSS Score | 9.1 (CRITICAL) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | HIGH |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2024-11771, CVE-2024-47908 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
Ivanti has released updates for Ivanti Cloud Services Application (CSA) which addresses critical and medium severity vulnerabilities. Successful exploitation of CVE-2024-47908 could allow a remote authenticated attacker to achieve remote code execution and CVE-2024-11771 could allow a remote unauthenticated attacker to access restricted functionality.
We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.
Vulnerability Details:
CVE Number | Description | CVSS Score (Severity) | CVSS Vector | CWE
—|—|—|—|—
CVE-2024-47908 | OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | CWE-78
CVE-2024-11771 | Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. | 5.3 (Medium) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | CWE-22
Affected Versions
Product Name | Affected Version(s) | Resolved Version(s) | Patch Availability
—|—|—|—
Ivanti CSA | 5.0.4 and prior | 5.0.5 | Download Portal https://forums.ivanti.com/s/article/CSA-5-0-Download
Solution
Customers who have not already done so should upgrade to CSA 5.0.5 as described HERE
Customers running CSA 5.0.4 and prior should update to CSA 5.0.5.
FAQ
1. Are you aware of any active exploitation of these vulnerabilities?
* We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program.
2. How can I tell if I have been compromised?
* Currently, there is no known public exploitation of this these vulnerabilities that could be used to provide a list of indicators of compromise.
3. What should I do if I need help?
* If you have questions after reviewing this information, you can log a case and/or request a call via the Success Portal
Impact Assessment
| Base Score | 9.1 |
|---|---|
| Severity | CRITICAL |