CVE-2024-9380
HIGH KEV
Ivanti Endpoint Manager Cloud Services Appliance < 5.0.2 - Authenticated Remote Code Execution via Admin Web Console
Title source: llm
Exploitation Summary
CVE-2024-9380 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 9, 2024.
Description
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
References (2)
Core References
Vendor Advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381
US Government Resource: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9380
Scores
CVSS v3: 7.2
EPSS: 0.8814
EPSS Percentile: 99.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2024-10-09
VulnCheck KEV: 2024-10-08
InTheWild.io: 2024-10-09
ENISA EUVD: EUVD-2024-49898
CWE: CWE-78, CWE-77
Status: published
Products (1)
ivanti/endpoint_manager_cloud_services_appliance < 5.0.2
Published: Oct 08, 2024
KEV Added: Oct 09, 2024
Tracked Since: Feb 18, 2026