Ivanti CSA: path traversal (CVE-2024-9381)

CVE

This CVE is a path traversal vulnerability in the Ivanti Cloud Services Appliance (CSA). Affected versions are those up to 5.0.1. It is considered a zero-day vulnerability, meaning it was potentially exploited before a fix was available. The vulnerability allows a remote attacker who is authenticated and has administrative rights to bypass security restrictions, which in turn enables the execution of arbitrary code. Known targets of this security issue have been users of the Ivanti CSA. Anyone running these versions should be aware that the vulnerability exists and affects the security integrity of their systems.

Remediation and exploitation details

This chain involves the following actors

The following systems are involved

Attack entry point

Remediation actions

Exploitation actions

CVE database technical details

CVE ID: CVE-2024-9381
Description: Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
Provider: ivanti
CWE / problem types: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected Software Versions: Ivanti CSA (Cloud Services Appliance): version 5.0.2, status unaffected
Date Published: 2024-10-08T16:25:27.092Z
Last Updated: 2024-10-08T19:23:27.864Z