CVE-2024-9380

HIGH KEV

Ivanti Endpoint Manager Cloud Services Appliance - Command Injection

Title source: rule

Description

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

References (2)

[Vendor Advisory] https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9380

Scores

CVSS v3 7.2

EPSS 0.8814

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-10-09

VulnCheck KEV 2024-10-08

InTheWild.io 2024-10-09

ENISA EUVD EUVD-2024-49898

CWE

CWE-78 CWE-77

Status published

Products (1)

ivanti/endpoint_manager_cloud_services_appliance < 5.0.2

Published Oct 08, 2024

KEV Added Oct 09, 2024

Tracked Since Feb 18, 2026