CVE-2024-47908

Published Feb 11, 2025

Last updated 2 days ago

CVSS critical 9.1

Overview

Description
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
6
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-78

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

7

  1. 🚨 Critical security flaws discovered in Ivanti products could allow attackers to execute arbitrary code remotely. The vulnerabilities (CVE-2024-38657, CVE-2025-22467, CVE-2024-10644, and CVE-2024-47908) impact Ivanti Connect Secure, Policy Secure, and Cloud Services… https://t.

    @TheHackersNews

    12 Feb 2025

    16353 Impressions

    62 Retweets

    128 Likes

    15 Bookmarks

    2 Replies

    3 Quotes

  2. #Ivanti: is on a roll today! On top of ICS/IPS/ISAC Critical vulnerabilities the patches released today cover Critical Ivanti CSA Vulnerability CVE-2024-47908 (#RCE) and CVE-2024-11771 (Path Traversal) 👇 https://t.co/YD1oevm1e4 https://t.co/4hDP6px8Oh

    @securestep9

    11 Feb 2025

    60 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-47908 ⚠️🔴 CRITICAL (9.1) 🏢 Ivanti - Cloud Services Application 🏗️ 5.0.5 🔗 https://t.co/cr7B2ckGAT #CyberCron #VulnAlert https://t.co/SnkNEn8vhx

    @cybercronai

    11 Feb 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-47908 (CVSS 9.1): Critical Ivanti CSA Flaw Enables Attackers to Run Arbitrary Code https://t.co/zkkaNzZkoF

    @Dinosn

    11 Feb 2025

    2135 Impressions

    10 Retweets

    26 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  5. [CVE-2024-47908: CRITICAL] OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.#cybersecurity,#vulnerability https://t.co/CJgDu5kS4u https://t.co/T0o6vGpCZa

    @CveFindCom

    11 Feb 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References