CVE-2024-8963

CRITICAL KEV NUCLEI

Ivanti Endpoint Manager Cloud Services Appliance - Path Traversal

Description

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

Exploits (3)

github WORKING POC 40 stars
by iSee857 · python · poc
https://github.com/iSee857/CVE-PoC/tree/main/IvantiCloudServiceAppliance(CVE-2024-8963、CVE-2024-8190).py
github WORKING POC 2 stars
by flyingllama87 · python · remote-auth
https://github.com/flyingllama87/CVE-2024-8190-unauth
nomisec SCANNER
by patfire94 · infoleak
https://github.com/patfire94/CVE-2024-8963

Nuclei Templates (1)

Ivanti Cloud Services Appliance - Path Traversal
CRITICAL · VERIFIED · by johnk3r
Shodan: http.title:"cloud services appliance" || http.title:"landesk(r) cloud services appliance"
FOFA: title="landesk(r) cloud services appliance"

Scores

CVSS v3 9.4
EPSS 0.9423
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Details

CISA KEV 2024-09-19
VulnCheck KEV 2024-09-19
InTheWild.io 2024-09-19
ENISA EUVD EUVD-2024-49510
CWE CWE-22
Status published
Products (1)
ivanti/endpoint_manager_cloud_services_appliance 4.6 (3 CPE variants)
Published Sep 19, 2024
KEV Added Sep 19, 2024
Tracked Since Feb 18, 2026