CVE-2024-8190
Vulnerability from cvelistv5
Published
2024-09-10 20:33
Modified
2024-09-16 13:24
Severity ?
EPSS score ?
Summary
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Ivanti | CSA (Cloud Services Appliance) |
Patch: 4.6 Patch 519 Patch: 5.0 |
|
|
|||
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2024-09-13
Due date: 2024-10-04
Required action: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.
Used in ransomware: Unknown
Notes: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190; https://nvd.nist.gov/vuln/detail/CVE-2024-8190
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "endpoint_manager_cloud_services_appliance",
"vendor": "ivanti",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8190",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-09-13",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-14T03:55:55.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-09-13T00:00:00+00:00",
"value": "CVE-2024-8190 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-16T13:24:41.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "CSA (Cloud Services Appliance)",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "4.6 Patch 519",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability."
}
],
"value": "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T20:33:44.793Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2024-8190",
"datePublished": "2024-09-10T20:33:44.793Z",
"dateReserved": "2024-08-26T19:12:19.826Z",
"dateUpdated": "2024-09-16T13:24:41.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"cisa_known_exploited": {
"cveID": "CVE-2024-8190",
"cwes": "[\"CWE-78\"]",
"dateAdded": "2024-09-13",
"dueDate": "2024-10-04",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190; https://nvd.nist.gov/vuln/detail/CVE-2024-8190",
"product": "Cloud Services Appliance",
"requiredAction": "As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.",
"shortDescription": "Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.",
"vendorProject": "Ivanti",
"vulnerabilityName": "Ivanti Cloud Services Appliance OS Command Injection Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-8190\",\"sourceIdentifier\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"published\":\"2024-09-10T21:15:14.697\",\"lastModified\":\"2024-11-26T19:55:46.433\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en las versiones 4.6, parche 518 y anteriores de Ivanti Cloud Services Appliance permite que un atacante autenticado de forma remota obtenga la ejecuci\u00f3n remota de c\u00f3digo. El atacante debe tener privilegios de nivel de administrador para aprovechar esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2024-09-13\",\"cisaActionDue\":\"2024-10-04\",\"cisaRequiredAction\":\"As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.\",\"cisaVulnerabilityName\":\"Ivanti Cloud Services Appliance OS Command Injection Vulnerability\",\"weaknesses\":[{\"source\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:cloud_services_appliance:4.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B63CA83-3DB3-4670-878E-17A54586B25E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:cloud_services_appliance:4.6:patch_518:*:*:*:*:*:*\",\"matchCriteriaId\":\"61C0BF44-691D-4811-BE9E-FB9B6CC856B9\"}]}]}],\"references\":[{\"url\":\"https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190\",\"source\":\"3c1d8aa1-5a33-4ea4-8992-aadd6440af75\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.