Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
2024-10-08 18:08

Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjunction with a zero-day bug the company accidentally fixed in September.

The fixed zero-days

“We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963,” the company announced on Tuesday. CVE-2024-8963 is a path traversal vulnerability that allows a …

The post Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/10/08/cve-2024-9379-cve-2024-9380-cve-2024-9381/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK

2024-10-08 | CVE-2024-9381 | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 | 7.2
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
network, low complexity, ivanti, CWE-22

2024-10-08 | CVE-2024-9380 | OS Command Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 | 7.2
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
network, low complexity, ivanti, CWE-78

2024-10-08 | CVE-2024-9379 | SQL Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 | 7.2
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
network, low complexity, ivanti, CWE-89

2024-09-19 | CVE-2024-8963 | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.6 | critical 9.1
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
network, low complexity, ivanti, CWE-22

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 26 0 51 152 75 278