Known Exploited Vulnerability
9.4
CRITICAL
CVE-2024-8963
Ivanti Cloud Services Appliance (CSA) Path Travers - [Actively Exploited]
Description

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

INFO

Published Date :

Sept. 19, 2024, 6:15 p.m.

Last Modified :

Sept. 20, 2024, 4:32 p.m.

Source :

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Remotely Exploitable :

Yes !

Impact Score :

5.5

Exploitability Score :

3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.

Required Action :

As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.

Notes :

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963 ; https://nvd.nist.gov/vuln/detail/CVE-2024-8963

Public PoC/Exploit Available at Github

CVE-2024-8963 has a 4 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-8963 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Ivanti endpoint_manager_cloud_services_appliance
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-8963.

URL Resource
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Python

Updated: 2 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : Nov. 28, 2024, 1:32 a.m. This repo has been linked 3 different CVEs too.

Ivanti Cloud Services Appliance - Path Traversal

Python

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : Nov. 13, 2024, 2:12 p.m. This repo has been linked 1 different CVEs too.

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

cisa-kev vulnerability 0day cisa exploits

Updated: 1 week, 5 days ago
548 stars 35 fork 35 watcher
Born at : April 19, 2022, 8:58 a.m. This repo has been linked 1228 different CVEs too.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 1 week, 4 days ago
6566 stars 1140 fork 1140 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 958 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-8963 vulnerability anywhere in the article.

  • The Hacker News
THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

Cybersecurity / Weekly Recap Hi there! Here's your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in l ... Read more

Published Date: Oct 21, 2024 (1 month, 3 weeks ago)
  • Cybersecurity News
HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published

In a significant discovery by Microsoft Threat Intelligence, a vulnerability in macOS, identified as CVE-2024-44133, has been found to bypass Apple’s Transparency, Consent, and Control (TCC) technolog ... Read more

Published Date: Oct 17, 2024 (2 months ago)
  • Dark Reading
Serious Adversaries Circle Ivanti CSA Zero-Day Flaws

Source: Kristoffer Tripplaar via Alamy Stock Photo A deft chaining together of three separate zero-day flaws in Ivanti's Cloud Service Appliance allowed a particularly potent cyberattacker to infiltra ... Read more

Published Date: Oct 14, 2024 (2 months ago)
  • The Hacker News
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

Network Security / Vulnerability A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicio ... Read more

Published Date: Oct 14, 2024 (2 months ago)
  • Cybersecurity News
Suspected Nation-State Adversary Exploits Ivanti CSA in a Series of Sophisticated Attacks

Fortinet’s FortiGuard Labs recently released a detailed analysis of a sophisticated cyberattack targeting the Ivanti Cloud Services Appliance (CSA). The attackers, suspected to be a nation-state actor ... Read more

Published Date: Oct 13, 2024 (2 months ago)
  • Cybersecurity News
CISA Adds Three Actively Exploited Security Vulnerabilities to KEV Catalog, Urges Urgent Patching

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its Known Exploited Vulnerabilities (KEV) catalog, following confirmed reports of active exploita ... Read more

Published Date: Oct 09, 2024 (2 months, 1 week ago)
  • TheCyberThrone
Ivanti releases patches to address CSA bugs

Ivanti has released patches for its Cloud Services Appliance (CSA) to address multiple vulnerabilities, including one that is actively being exploited in the wild.The vulnerabilities affect CSA versio ... Read more

Published Date: Oct 09, 2024 (2 months, 1 week ago)
  • Help Net Security
Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company accidentally fixed in September. ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • The Hacker News
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjun ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • BleepingComputer
Ivanti warns of three more CSA zero-days exploited in attacks

Image: MidjourneyAmerican IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. As Ivanti revealed ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • Cybersecurity News
Ivanti Patches CSA Appliance Against Vulnerabilities, Including Actively Exploited Flaws

Ivanti has recently released urgent security updates for its Cloud Services Appliance (CSA) to address multiple vulnerabilities, including one that is actively being exploited in the wild. The company ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • Cybersecurity News
MediaTek Patches Critical Vulnerabilities in Smartphone, Tablet, and IoT Chipsets

MediaTek, a leading semiconductor company, has issued an October 2024 Product Security Bulletin addressing critical vulnerabilities affecting a wide range of its chipsets, including those used in smar ... Read more

Published Date: Oct 07, 2024 (2 months, 1 week ago)
  • Cybersecurity News
Security Vulnerabilities Uncovered in Jenkins: Immediate Updates Recommended

The Jenkins project has issued a security advisory, urging users to update their installations immediately due to the discovery of multiple vulnerabilities. These flaws could allow attackers to steal ... Read more

Published Date: Oct 03, 2024 (2 months, 2 weeks ago)
  • The Hacker News
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

Vulnerability / Endpoint Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May t ... Read more

Published Date: Oct 03, 2024 (2 months, 2 weeks ago)
  • Cybersecurity News
CVE-2024-22170 (CVSS 9.2): Western Digital Addresses Critical Flaw in My Cloud Devices

Western Digital has released a security advisory addressing a high-severity vulnerability (CVE-2024-22170) impacting a range of My Cloud devices. The vulnerability, which carries a CVSS score of 9.2, ... Read more

Published Date: Oct 01, 2024 (2 months, 2 weeks ago)
  • Dark Reading
Third Ivanti Bug Comes Under Active Exploit, CISA Warns

Source: Kristoffer Tripplaar via Alamy Stock PhotoThe Cybersecurity and Infrastructure Security Agency (CISA) has added a third Ivanti vulnerability to the agency's Known Exploited Vulnerabilities (KE ... Read more

Published Date: Sep 25, 2024 (2 months, 3 weeks ago)
  • The Hacker News
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

Vulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Expl ... Read more

Published Date: Sep 25, 2024 (2 months, 3 weeks ago)
  • TheCyberThrone
TheCyberThrone Security Week In Review – September 21, 2024

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, September 21, 2024.Microsoft Kernel Vulne ... Read more

Published Date: Sep 22, 2024 (2 months, 3 weeks ago)
  • TheCyberThrone
Nigerian ngCERT warns on exploitation of Veeam CVE-2023-27532

Nigerian ngCERT has issued an urgent warning of ransomware groups actively targeting critical systems by exploiting the vulnerability tracked as CVE-2023-27532 in Veeam Backup and Replication software ... Read more

Published Date: Sep 21, 2024 (2 months, 3 weeks ago)
  • Dark Reading
Ivanti's Cloud Service Appliance Attacked via Second Vuln

Source: Kristoffer Tripplaar via Alamy Stock PhotoLess than two weeks after patching one flaw, Ivanti announced on Sept. 19 that a second, critical Cloud Services Appliance (CSA) vulnerability is bein ... Read more

Published Date: Sep 20, 2024 (2 months, 3 weeks ago)
  • The Register
Ivanti patches exploited admin command execution flaw

The US Cybersecurity and Infrastructure Security Agency (CISA) just added the latest Ivanti weakness to its Known Exploited Vulnerability (KEV) catalog, a situation sure to annoy some – given that it' ... Read more

Published Date: Sep 20, 2024 (2 months, 3 weeks ago)
  • security.nl
Ivanti waarschuwt voor actief misbruik van 'toevallig' gepatcht CSA-lek

Softwarebedrijf Ivanti waarschuwt klanten voor een kritiek path traversal-lek in Cloud Service Appliance (CSA) waar aanvallers actief misbruik van maken en dat 'bij toeval' op 10 september werd opgelo ... Read more

Published Date: Sep 20, 2024 (2 months, 4 weeks ago)
  • TheCyberThrone
Ivanti fixes CVE-2024-8963 Flaw that added to KEV catalog

Ivanti has released a patch for a critical vulnerability in its new Cloud Services Appliance (CSA) vulnerability, which will lead to a path traversal issueThe vulnerability tracked as CVE-2024-8963 wi ... Read more

Published Date: Sep 20, 2024 (2 months, 4 weeks ago)
  • The Hacker News
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Enterprise Security / Network Security Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, ... Read more

Published Date: Sep 20, 2024 (2 months, 4 weeks ago)
  • Cybersecurity News
Critical Flaw in Ivanti CSA 4.6: CVE-2024-8963 Actively Exploited, Urgent Upgrade Required

Ivanti, a leader in enterprise software, has disclosed a critical vulnerability in its Ivanti Connect Secure Appliance (CSA) 4.6, identified as CVE-2024-8963. This vulnerability, rated at a CVSS score ... Read more

Published Date: Sep 20, 2024 (2 months, 4 weeks ago)
  • BleepingComputer
Ivanti warns of another critical CSA flaw exploited in attacks

Image: MidjourneyToday, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. Tracked as CVE-2024-896 ... Read more

Published Date: Sep 19, 2024 (2 months, 4 weeks ago)

The following table lists the changes that have been made to the CVE-2024-8963 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Sep. 20, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    Changed Reference Type https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963 No Types Assigned https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963 Vendor Advisory
    Added CWE NIST CWE-22
    Added CPE Configuration OR *cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:-:*:*:*:*:*:* *cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:patch_512:*:*:*:*:*:* *cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:patch_518:*:*:*:*:*:*
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Sep. 20, 2024

    Action Type Old Value New Value
    Added Date Added 2024-09-19
    Added Vulnerability Name Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability
    Added Due Date 2024-10-10
    Added Required Action As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.
  • CVE Received by 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

    Sep. 19, 2024

    Action Type Old Value New Value
    Added Description Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
    Added Reference ivanti https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963 [No types assigned]
    Added CWE ivanti CWE-22
    Added CVSS V3.1 ivanti AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-8963 is associated with the following CWEs:

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability