virus logo Intrusion Prevention

Ivanti.Cloud.Service.Appliance.datetime.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection Vulnerability in Ivanti Cloud Service Appliance.
The vulnerability is due to insufficient validation of user-supplied inputs. A remote attacker can exploit this vulnerability by sending maliciously crafted requests to a vulnerable application. Successful exploitation could result in arbitrary command execution in the security context of the application.

description-logoOutbreak Alert

Threat actors chained and exploited multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance). If successful, this could lead an attacker to gain admin access, obtain credentials, bypass security measures, run arbitrary SQL commands, and execute code remotely.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Ivanti Cloud Service Appliance prior to 4.6 Patch 519

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-12-09 29.917
Modified
 Sig Added
2024-10-08 28.877
Modified
 Default_action:pass:drop
ID 56651
Created Sep 24, 2024
Updated Dec 09, 2024
CVE ID
Tags Ivanti CSA Zero-Day Attack Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 91.91%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Other
Profile Type OS Command Injection