CVE-2024-8963

Critical

Description

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

References

https://www.infosecurity-magazine.com/news/cisa-fbi-warn-chained-attacks/

https://www.darkreading.com/vulnerabilities-threats/cisa-ivanti-vulns-chained-attacks

https://www.bleepingcomputer.com/news/security/cisa-hackers-still-exploiting-older-ivanti-bugs-to-breach-networks/

https://thehackernews.com/2025/01/cisco-fixes-critical-privilege.html

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability/

https://thehackernews.com/2024/10/nation-state-attackers-exploiting.html

https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa

https://securityaffairs.com/169619/security/u-s-cisa-adds-ivanti-csa-and-fortinet-bugs-to-its-known-exploited-vulnerabilities-catalog.html

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-three-more-csa-zero-days-exploited-in-attacks/

https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html

https://www.securityweek.com/third-recent-ivanti-product-vulnerability-exploited-in-the-wild/

https://thehackernews.com/2024/09/critical-ivanti-cloud-appliance.html

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-another-critical-csa-flaw-exploited-in-attacks/

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963

Details

Source: Mitre, NVD

Published: 2024-09-19

Updated: 2024-09-20

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical