CVE-2024-8963

CRITICAL KEV NUCLEI

Ivanti Endpoint Manager Cloud Services Appliance - Unauthenticated Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-8963 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 19, 2024. EIP tracks 3 public exploits from researchers including iSee857, flyingllama87, patfire94. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2024-8963, demonstrating a command execution vulnerability in OpenCode. The script sends crafted requests to exploit the vulnerability and verify command execution via the 'id' command.

Description

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

Exploits (3)

github WORKING POC 40 stars
by iSee857 · pythonpoc
https://github.com/iSee857/CVE-PoC/tree/main/IvantiCloudServiceAppliance(CVE-2024-8963、CVE-2024-8190).py

The repository contains functional exploit code for CVE-2024-8963, demonstrating a command execution vulnerability in OpenCode. The script sends crafted requests to exploit the vulnerability and verify command execution via the 'id' command.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenCode
No auth needed
Prerequisites: Network access to the target · Target running vulnerable OpenCode instance
devstral-2 · analyzed Feb 27, 2026 Full analysis →
github WORKING POC 2 stars
by flyingllama87 · pythonremote-auth
https://github.com/flyingllama87/CVE-2024-8190-unauth

This repository contains a functional exploit PoC that combines CVE-2024-8963 (path traversal) and CVE-2024-8190 (command injection) to achieve unauthenticated RCE on Ivanti CSA 4.6 and below. The exploit bypasses authentication via path traversal and injects commands into the TIMEZONE parameter.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ivanti Cloud Services Appliance (CSA) 4.6 and below
No auth needed
Prerequisites: Network access to the target Ivanti CSA instance · Target must be running a vulnerable version (4.6 Patch 518 or below)
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec SCANNER
by patfire94 · infoleak
https://github.com/patfire94/CVE-2024-8963

This PoC is a scanner for CVE-2024-8963, a path traversal vulnerability in Ivanti Cloud Services Appliance. It checks for the presence of specific keywords in the response to determine vulnerability.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Ivanti Cloud Services Appliance before 4.6 Patch 519
No auth needed
Prerequisites: Network access to the target Ivanti CSA instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Ivanti Cloud Services Appliance - Path Traversal
CRITICALVERIFIEDby johnk3r
Shodan: http.title:"cloud services appliance" || http.title:"landesk(r) cloud services appliance"
FOFA: title="landesk(r) cloud services appliance"

References (2)

Core 2

Scores

CVSS v3 9.4
EPSS 0.9423
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2024-09-19
VulnCheck KEV 2024-09-19
InTheWild.io 2024-09-19
ENISA EUVD EUVD-2024-49510
CWE
CWE-22
Status published
Products (1)
ivanti/endpoint_manager_cloud_services_appliance 4.6 (3 CPE variants)
Published Sep 19, 2024
KEV Added Sep 19, 2024
Tracked Since Feb 18, 2026