CVE-2024-8190

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ivanti:cloud_services_appliance:4.6:-::::::
	cpe:2.3:a:ivanti:cloud_services_appliance:4.6:patch_518::::::

History

16 Sep 2024, 13:44

Type	Values Removed	Values Added
First Time		Ivanti Ivanti cloud Services Appliance
CPE		cpe:2.3:a:ivanti:cloud_services_appliance:4.6:-:::::: cpe:2.3:a:ivanti:cloud_services_appliance:4.6:patch_518::::::
References	~~() https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190 -~~	() https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190 - Vendor Advisory

11 Sep 2024, 16:26

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de inyección de comandos del sistema operativo en las versiones 4.6, parche 518 y anteriores de Ivanti Cloud Services Appliance permite que un atacante autenticado de forma remota obtenga la ejecución remota de código. El atacante debe tener privilegios de nivel de administrador para aprovechar esta vulnerabilidad.

10 Sep 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 21:15

Updated : 2024-09-16 13:44

NVD link : CVE-2024-8190

Mitre link : CVE-2024-8190

CVE.ORG link : CVE-2024-8190

JSON object : View

Products Affected

ivanti

cloud_services_appliance

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-8190", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-09-10T21:15:14.697", "references": [{"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190", "tags": ["Vendor Advisory"], "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en las versiones 4.6, parche 518 y anteriores de Ivanti Cloud Services Appliance permite que un atacante autenticado de forma remota obtenga la ejecuci\u00f3n remota de c\u00f3digo. El atacante debe tener privilegios de nivel de administrador para aprovechar esta vulnerabilidad."}], "lastModified": "2024-09-16T13:44:18.173", "cisaActionDue": "2024-10-04", "cisaExploitAdd": "2024-09-13", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:cloud_services_appliance:4.6:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B63CA83-3DB3-4670-878E-17A54586B25E"}, {"criteria": "cpe:2.3:a:ivanti:cloud_services_appliance:4.6:patch_518:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61C0BF44-691D-4811-BE9E-FB9B6CC856B9"}], "operator": "OR"}]}], "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "cisaRequiredAction": "As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.", "cisaVulnerabilityName": "Ivanti Cloud Services Appliance OS Command Injection Vulnerability"}