An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
https://thehackernews.com/2024/10/nation-state-attackers-exploiting.html
https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html