- Description
- Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
- Source
- 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability
- Exploit added on
- Sep 19, 2024
- Exploit action due
- Oct 10, 2024
- Required action
- As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates.
- Hype score
- Not currently trending
I like a vulnerability analysis π¬ as I like a scotch π₯: old enough to order its own scotch... Ivanti CVE-2024-8963 vuln analysis + unique report of malicious activities after exploitation: https://t.co/ZVz0m0PvBX
@securechicken
20 Feb 2025
169 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploitation of Ivanti CSA vulnerabilities, notably CVE-2024-8963, has led to widespread webshell deployments across sectors like healthcare and finance. Insightful analysis highlights tactics used by threat actors. π #Ivanti #Webshells link: https://t.co/ODvhYdYtxt https://t.c
@TweetThreatNews
10 Feb 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-8963
@transilienceai
4 Feb 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
This week, @CISAgov shared a writeup on the exploitation of CVE-2024-8963, an admin bypass vulnerability; CVE-2024-9379, a SQLi vulnerability; and CVE-2024-8190 and CVE-2024-9380, RCE vulnerabilities in #Ivanti CSA: https://t.co/2OW61ExzhC. β‘οΈ Ivanti CVE-2024-8963 has beenβ¦ http
@Horizon3ai
24 Jan 2025
10 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Cyberattackers are exploiting critical Ivanti CSA vulnerabilities (CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, CVE-2024-9380) for admin bypass and remote code execution. Stay vigilant! β οΈ #Ivanti #CISA #USA link: https://t.co/XTjLTwDCfM https://t.co/zpLdyydE69
@TweetThreatNews
23 Jan 2025
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
π¨ CISA and FBI warn of active exploitation of four critical vulnerabilities in Ivanti Cloud Service Appliances (CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, CVE-2024-9380). Stay updated! π #Ivanti #USA #CyberAlert link: https://t.co/ofFIUEQzPv https://t.co/L8MF8545L9
@TweetThreatNews
23 Jan 2025
42 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti Warns of CSA Vulnerability Actively Exploited in Attacks Ivanti has warned about a critical vulnerability in its Cloud Services Appliance (CSA) 4.6, which has been actively exploited in attacks. The vulnerability, identified as CVE-2024-8963, i... https://t.co/rjEHGkGkXX
@SecurityAid
12 Jan 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-8963
@transilienceai
23 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-8963
@transilienceai
20 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-8963
@transilienceai
19 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-8963
@transilienceai
17 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-8963
@transilienceai
10 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-8963 : Path Traversal Severity: Critical Cvss-Score: 9.1 reference: https://t.co/q61sDVNL9q Poc Video Link : https://t.co/5GpJGmXpAZ #BugBountyPoC #BugBountyExploitPoC #PoCBugBounty #BugBountyProofOfConcept #LiveBugBounty #LiveBugHunting https://t.co/86XIZsMVzY
@viehgroup
10 Nov 2024
79 Impressions
0 Retweets
1 Like
2 Bookmarks
0 Replies
0 Quotes
CVE-2024-8963 : Path Traversal Severity: Critical Cvss-Score: 9.1 reference: https://t.co/hdhBk7Nnhk Poc Video Link : https://t.co/Rgt0ZRNo32 #BugBountyPoC #BugBountyExploitPoC #PoCBugBounty https://t.co/K4NJ8DXnir
@wgujjer11
9 Nov 2024
4105 Impressions
25 Retweets
133 Likes
63 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-8963
@transilienceai
8 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
π¨ Scanning Ivanti Cloud Services Appliance - Path Traversal (CVE-2024-8963) Using Nuclei Template shared by johnk3r π Template : https://t.co/oV7HO105eB #ivanti #kev #hackwithautomation https://t.co/008EgrKvDV
@bountywriteups
6 Nov 2024
1381 Impressions
7 Retweets
33 Likes
11 Bookmarks
0 Replies
0 Quotes
π¨ Scanning Ivanti Cloud Services Appliance - Path Traversal (CVE-2024-8963) Using Nuclei detect it fast and keep your assets secure! π Template : https://t.co/s0Utl3ieB9 Reference: https://t.co/6NnPAZiF9f #ivanti #kev #hackwithautomation @pdnuclei https://t.co/p0xAPUfik2
@DhiyaneshDK
6 Nov 2024
7720 Impressions
28 Retweets
132 Likes
70 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-8963
@transilienceai
5 Nov 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-8963
@transilienceai
4 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-8963
@transilienceai
23 Oct 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-8963
@transilienceai
20 Oct 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F3651A6-CE83-4DB9-984E-5BFD6AF7F42D"
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:patch_512:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B0B3862-470F-4FEE-988F-E8E004A2F5AB"
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:patch_518:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "591B2354-0874-408A-BFB8-59452C33A5B1"
}
],
"operator": "OR"
}
]
}
]