CVERadar

CVE-2024-8963

Critical Severity
Vendor: Ivanti
SVRS: 84/100
CVSSv3: 9.1/10
EPSS: 0.94345/1

CVE-2024-8963 is a critical Path Traversal vulnerability in Ivanti CSA that allows unauthorized access. This flaw permits a remote, unauthenticated attacker to bypass security restrictions. The SVRS score of 84 indicates this is a critical vulnerability requiring immediate attention. Successful exploitation allows attackers to access restricted functionalities within the Ivanti CSA system. This vulnerability affects Ivanti CSA versions prior to 4.6 Patch 519. Given that it is actively exploited in the wild and listed in the CISA KEV catalog, patching is essential to prevent potential breaches and data compromise. Organizations using affected Ivanti CSA versions should apply the necessary patch without delay.

In The Wild
CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2024-09-19

2024-09-20

SOCRadar AI Insight

Description:

CVE-2024-8963 is a path traversal vulnerability in Ivanti CSA before 4.6 Patch 519. It allows a remote unauthenticated attacker to access restricted functionality. The CVSS score of 9.1 indicates a critical severity, while the SOCRadar Vulnerability Risk Score (SVRS) of 48 suggests a moderate risk.

Key Insights:

  • Remote Exploitation: The vulnerability can be exploited remotely, making it easier for attackers to target systems without physical access.
  • Unrestricted Access: Successful exploitation grants attackers access to restricted functionality, potentially compromising sensitive data or disrupting system operations.
  • Active Exploits: Active exploits have been published, increasing the likelihood of attacks.
  • In the Wild: The vulnerability is actively exploited by hackers, highlighting the urgency of mitigation.

Mitigation Strategies:

  • Apply Patch: Install the latest patch (4.6 Patch 519) from Ivanti to address the vulnerability.
  • Restrict Access: Implement network segmentation and access controls to limit potential attack vectors.
  • Monitor Logs: Regularly review system logs for suspicious activity and investigate any anomalies promptly.
  • Use Intrusion Detection Systems (IDS): Deploy IDS to detect and block malicious traffic targeting the vulnerable component.

Additional Information:

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.


Indicators of Compromise

No IOCs found for this CVE

Exploits

Title: Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability
Software Link: https://www.cisa.gov/search?g=CVE-2024-8963
Date: 2024-09-19

News

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
Ajit Jasrotia, 2025-04-15
The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. “Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in […]
Source: allhackernews.com

CISA Adds One Known Exploited Vulnerability to Catalog
CISA, 2025-04-01
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-8963 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability. These types of vulnerabilities are frequent attack
Tags: cve-2024-8963, cyber security, government, cve

ISC StormCast for Friday, September 20th, 2024
Dr. Johannes B. Ullrich, 2024-09-20
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Fake GitHub Notices; More Iventi CVS Vulns; Deanonymizing Tor; iPhone Unlockers
  • Fake GitHub Site Targeting Developers: https://isc.sans.edu/diary/Fake%20GitHub%20Site%20Targeting%20Developers/31282
  • Ivanti CSA 4.6 Advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US
  • German Police Deanonymizes Tor User: https://blog.torproject.org/tor-is-still-safe/
Ever wonder how crooks get the credentials to unlock
Source: sans.edu

27th January – Threat Intelligence Report
hagarb, 2025-03-01
For the latest discoveries in cyber research for the week of 27th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Stark Aerospace, a US-based manufacturer specializing in missile systems and UAVs, contractor of the US Military and the Department of Defense (DoD), has been targeted by the INC ransomware group. The attackers […]
Tags: cve-2024-8190, cve-2025-23006, cve-2024-9380, cve-2024-8963

Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
CISA, 2025-03-01
Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE-2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways.
Source: us-cert.gov

Daily Summary - 23.01.2025
CERT.at, 2025-03-01
End-of-Day report. Timeframe: Wednesday 22-01-2025 18:00 - Thursday 23-01-2025 18:00. Handler: Michael Schlagenhaufer. Co-Handler: n/a.
News: Zendesk's Subdomain Registration Abused in Phishing Scams. Leveraging Zendesk's communication features, they can send phishing emails disguised as legitimate customer support messages. These emails often include malicious links or attachments to lure victims into clicking. https://hackread.com/zendesk-subdomain-registration-abused-phishing-scams/
Source: cert.at

27th January – Threat Intelligence Report - Check Point Research
2025-01-27
For the latest discoveries in cyber research for the week of 27th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Stark Aerospace, a US-based manufacturer specializing in missile systems and UAVs, contractor of the US Military and the Department of Defense (DoD), has been targeted by the INC ransomware group. The attackers claim to have exfiltrated 4TB of data, including design documentation, source codes, firmware for various UAVs, contracts with the DoD, supply chain information, and personal data of company instructors. Check Point Threat Emulation and
Source: google.com

Social Media

Exploitation of Ivanti CSA vulnerabilities, notably CVE-2024-8963, has led to widespread webshell deployments across sectors like healthcare and finance. Insightful analysis highlights tactics used by threat actors. 🔍 #Ivanti #Webshells link: https://t.co/ODvhYdYtxt https://t.co/geoxXFR7TX
Actively exploited CVE : CVE-2024-8963
With recent advisories on rising threats, there’s no time to waste. Our #NodeZero Rapid Response tests include the latest CVEs like CVE-2024-8963. Start your free trial and see firsthand how we can bolster your defenses! https://t.co/oIkNMP4EWw
CISA and FBI published a joint advisory warning that Chinese hackers exploited four Ivanti flaws (CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, CVE-2024-9380) to achieve remote code execution, steal credentials, and deploy webshells. https://t.co/2wYMZlavQ1
CISA and FBI warn of critical vulnerabilities in Ivanti Cloud Service Appliances (CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, CVE-2024-9380) being exploited by attackers. ⚠️ #Ivanti #FBI #USA link: https://t.co/hKdcrOIJPr https://t.co/d45qrBFT8R
Cyberattackers are exploiting critical Ivanti CSA vulnerabilities (CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, CVE-2024-9380) for admin bypass and remote code execution. Stay vigilant! ⚠️ #Ivanti #CISA #USA link: https://t.co/XTjLTwDCfM https://t.co/zpLdyydE69
Ivanti CSA exploit chains examined in joint CISA, FBI advisory: https://t.co/hf3yWJoJPj Chinese threat actors exploited four Ivanti Cloud Service Appliance vulnerabilities, as noted in a joint CISA and FBI advisory. The exploit chains involved CVE-2024-8963, CVE-2024-8190,
CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 Detection: CISA and FBI Warn Defenders of Two Exploit Chains Using Critical Ivanti CSA Vulnerabilities  https://t.co/RiD2oA9Wtj Defenders shed light on a set of vulnerabilities in Ivanti Cloud Service Appliances (…
🚨 CISA and FBI warn of active exploitation of four critical vulnerabilities in Ivanti Cloud Service Appliances (CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, CVE-2024-9380). Stay updated! 🔒 #Ivanti #USA #CyberAlert link: https://t.co/ofFIUEQzPv https://t.co/L8MF8545L9
CISA and FBI Warn of Exploited Ivanti CSA Vulnerabilities in Joint Security Advisory Stay protected from Ivanti CSA vulnerabilities. Learn about the risks and exploits associated with CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 https://t.co/yQDSKYPXKU

Affected Software

Configuration 1
Type: App
Vendor: Ivanti
Product: endpoint_manager_cloud_services_appliance

References

Reference: 3C1D8AA1-5A33-4EA4-8992-AADD6440AF75
Link: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963

CWE Details

CWE ID: CWE-22
CWE Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
