{"id":2345,"date":"2025-05-02T07:02:35","date_gmt":"2025-05-02T07:02:35","guid":{"rendered":"http:\/\/localhost\/?p=2345"},"modified":"2025-05-02T07:02:35","modified_gmt":"2025-05-02T07:02:35","slug":"security-advisory-ivanti-cloud-services-application-csa-cve-2024-47908-cve-2024-11771","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=2345","title":{"rendered":"Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771)"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nSecurity Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771)<\/td>\n<\/tr>\n
Type<\/th>\nivanti<\/td>\n<\/tr>\n
Published<\/th>\n2025-11-02T15:00:07<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-05-02T07:47:21<\/td>\n<\/tr>\n
CVSS Score<\/th>\n9.1 (CRITICAL)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nHIGH<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2024-11771, CVE-2024-47908<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nsoftware<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n Summary<\/p>\n

Ivanti has released updates for Ivanti Cloud Services Application (CSA) which addresses critical and medium severity vulnerabilities. Successful exploitation of CVE-2024-47908 could allow a remote authenticated attacker to achieve remote code execution and CVE-2024-11771 could allow a remote unauthenticated attacker to access restricted functionality.<\/p>\n

We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.<\/p>\n

Vulnerability Details:<\/p>\n

CVE Number | Description | CVSS Score (Severity) | CVSS Vector | CWE
\n—|—|—|—|—
\nCVE-2024-47908 | OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) | CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H | CWE-78
\nCVE-2024-11771 | Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. | 5.3 (Medium) | CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N | CWE-22 <\/p>\n

Affected Versions<\/p>\n

Product Name | Affected Version(s) | Resolved Version(s) | Patch Availability
\n—|—|—|—
\nIvanti CSA | 5.0.4 and prior | 5.0.5 | Download Portal https:\/\/forums.ivanti.com\/s\/article\/CSA-5-0-Download <\/p>\n

Solution<\/p>\n

Customers who have not already done so should upgrade to CSA 5.0.5 as described HERE<\/p>\n

Customers running CSA 5.0.4 and prior should update to CSA 5.0.5.<\/p>\n

FAQ<\/p>\n

1. Are you aware of any active exploitation of these vulnerabilities?
\n * We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program.
\n 2. How can I tell if I have been compromised?
\n * Currently, there is no known public exploitation of this these vulnerabilities that could be used to provide a list of indicators of compromise.
\n 3. What should I do if I need help?
\n * If you have questions after reviewing this information, you can log a case and\/or request a call via the Success Portal<\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n9.1<\/td>\n<\/tr>\n
Severity<\/th>\nCRITICAL<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n