Known Exploited Vulnerability
9.4
CRITICAL
CVE-2024-8963
Ivanti Cloud Services Appliance (CSA) Path Travers - [Actively Exploited]
Description

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

INFO

Published Date :

Sept. 19, 2024, 6:15 p.m.

Last Modified :

Sept. 20, 2024, 4:32 p.m.

Source :

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Remotely Exploitable :

Yes !

Impact Score :

5.5

Exploitability Score :

3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.

Required Action :

As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.

Notes :

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963 ; https://nvd.nist.gov/vuln/detail/CVE-2024-8963

Affected Products

The following products are affected by CVE-2024-8963 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Ivanti endpoint_manager_cloud_services_appliance
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-8963.

URL Resource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-8963 vulnerability anywhere in the article.

  • Cybersecurity News
MediaTek Patches Critical Vulnerabilities in Smartphone, Tablet, and IoT Chipsets

MediaTek, a leading semiconductor company, has issued an October 2024 Product Security Bulletin addressing critical vulnerabilities affecting a wide range of its chipsets, including those used in smar ... Read more

Published Date: Oct 07, 2024 (20 hours, 17 minutes ago)
  • Cybersecurity News
Security Vulnerabilities Uncovered in Jenkins: Immediate Updates Recommended

The Jenkins project has issued a security advisory, urging users to update their installations immediately due to the discovery of multiple vulnerabilities. These flaws could allow attackers to steal ... Read more

Published Date: Oct 03, 2024 (4 days, 16 hours ago)
  • The Hacker News
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

Vulnerability / Endpoint Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May t ... Read more

Published Date: Oct 03, 2024 (4 days, 18 hours ago)
  • Cybersecurity News
CVE-2024-22170 (CVSS 9.2): Western Digital Addresses Critical Flaw in My Cloud Devices

Western Digital has released a security advisory addressing a high-severity vulnerability (CVE-2024-22170) impacting a range of My Cloud devices. The vulnerability, which carries a CVSS score of 9.2, ... Read more

Published Date: Oct 01, 2024 (6 days, 22 hours ago)
  • Dark Reading
Third Ivanti Bug Comes Under Active Exploit, CISA Warns

Source: Kristoffer Tripplaar via Alamy Stock PhotoThe Cybersecurity and Infrastructure Security Agency (CISA) has added a third Ivanti vulnerability to the agency's Known Exploited Vulnerabilities (KE ... Read more

Published Date: Sep 25, 2024 (1 week, 5 days ago)
  • The Hacker News
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

Vulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Expl ... Read more

Published Date: Sep 25, 2024 (1 week, 5 days ago)
  • TheCyberThrone
TheCyberThrone Security Week In Review – September 21, 2024

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, September 21, 2024.Microsoft Kernel Vulne ... Read more

Published Date: Sep 22, 2024 (2 weeks, 1 day ago)
  • TheCyberThrone
Nigerian ngCERT warns on exploitation of Veeam CVE-2023-27532

Nigerian ngCERT has issued an urgent warning of ransomware groups actively targeting critical systems by exploiting the vulnerability tracked as CVE-2023-27532 in Veeam Backup and Replication software ... Read more

Published Date: Sep 21, 2024 (2 weeks, 2 days ago)
  • Dark Reading
Ivanti's Cloud Service Appliance Attacked via Second Vuln

Source: Kristoffer Tripplaar via Alamy Stock PhotoLess than two weeks after patching one flaw, Ivanti announced on Sept. 19 that a second, critical Cloud Services Appliance (CSA) vulnerability is bein ... Read more

Published Date: Sep 20, 2024 (2 weeks, 3 days ago)
  • The Register
Ivanti patches exploited admin command execution flaw

The US Cybersecurity and Infrastructure Security Agency (CISA) just added the latest Ivanti weakness to its Known Exploited Vulnerability (KEV) catalog, a situation sure to annoy some – given that it' ... Read more

Published Date: Sep 20, 2024 (2 weeks, 3 days ago)
  • security.nl
Ivanti waarschuwt voor actief misbruik van 'toevallig' gepatcht CSA-lek

Softwarebedrijf Ivanti waarschuwt klanten voor een kritiek path traversal-lek in Cloud Service Appliance (CSA) waar aanvallers actief misbruik van maken en dat 'bij toeval' op 10 september werd opgelo ... Read more

Published Date: Sep 20, 2024 (2 weeks, 3 days ago)
  • TheCyberThrone
Ivanti fixes CVE-2024-8963 Flaw that added to KEV catalog

Ivanti has released a patch for a critical vulnerability in its new Cloud Services Appliance (CSA) vulnerability, which will lead to a path traversal issueThe vulnerability tracked as CVE-2024-8963 wi ... Read more

Published Date: Sep 20, 2024 (2 weeks, 3 days ago)
  • The Hacker News
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Enterprise Security / Network Security Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, ... Read more

Published Date: Sep 20, 2024 (2 weeks, 3 days ago)
  • BleepingComputer
Ivanti warns of another critical CSA flaw exploited in attacks

Image: MidjourneyToday, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. Tracked as CVE-2024-896 ... Read more

Published Date: Sep 19, 2024 (2 weeks, 4 days ago)

The following table lists the changes that have been made to the CVE-2024-8963 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Sep. 20, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    Changed Reference Type https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963 No Types Assigned https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963 Vendor Advisory
    Added CWE NIST CWE-22
    Added CPE Configuration OR *cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:-:*:*:*:*:*:* *cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:patch_512:*:*:*:*:*:* *cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:patch_518:*:*:*:*:*:*
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Sep. 20, 2024

    Action Type Old Value New Value
    Added Date Added 2024-09-19
    Added Vulnerability Name Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability
    Added Due Date 2024-10-10
    Added Required Action As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.
  • CVE Received by 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

    Sep. 19, 2024

    Action Type Old Value New Value
    Added Description Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
    Added Reference ivanti https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963 [No types assigned]
    Added CWE ivanti CWE-22
    Added CVSS V3.1 ivanti AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-8963 is associated with the following CWEs:

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability