CVERadar

CVE-2024-9381

High Severity

Ivanti

SVRS

66/100

CVSSv3

7.2/10

EPSS

0.0475/1

CVE-2024-9381 is a path traversal vulnerability found in Ivanti CSA (Connect Secure Appliance) before version 5.0.2. This flaw enables a remote, authenticated attacker with administrator privileges to circumvent security restrictions and potentially access unauthorized files and directories. The SVRS score of 66 indicates a significant risk, though not critical, demanding prompt attention and remediation.

This vulnerability could allow attackers to read sensitive configuration files or execute arbitrary code on the affected system, jeopardizing system integrity and data confidentiality. Successful exploitation could lead to complete system compromise if not addressed. Patches should be applied to mitigate the security risk. Organizations using the Ivanti CSA are urged to upgrade to version 5.0.2 or later to address this serious vulnerability.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

CISA2025-03-01

Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications | Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE -2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways.

us-cert.gov

rss

forum

news

Ivanti fixed a maximum severity vulnerability in its CSA solution

Pierluigi Paganini2024-12-11

Ivanti fixed a maximum severity vulnerability in its CSA solution | Ivanti addressed a critical authentication bypass vulnerability impacting its Cloud Services Appliance (CSA) solution. Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-11639 (CVSS score of 10), in its Cloud Services Appliance (CSA) solution. A remote unauthenticated attacker can exploit the vulnerability to gain administrative access.  The vulnerability was discovered by CrowdStrike’s Advanced Research […] Ivanti addressed a critical

securityaffairs.co

rss

forum

news

Tageszusammenfassung - 10.10.2024

CERT.at2024-12-02

Tageszusammenfassung - 10.10.2024 | End-of-Day report Timeframe: Mittwoch 09-10-2024 18:00 - Donnerstag 10-10-2024 18:00 Handler: Robert Waldner Co-Handler: n/a News Firefox Zero-Day Under Attack: Update Your Browser Immediately Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.

cert.at

rss

forum

news

Data Breaches Digest - Week 41 2024

Dunkie ([email protected])2024-12-02

Data Breaches Digest - Week 41 2024 | Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 7th October and 13th October 2024. 13th October <br

dbdigest.com

rss

forum

news

CVE-2024-9381 – Ivanti CSA Security Vulnerability – October 2024

Security Insights Team2024-10-17

CVE-2024-9381 – Ivanti CSA Security Vulnerability – October 2024 | A critical vulnerability (CVE-2024-9381) in Ivanti’s Cloud Services Appliance allows attackers to bypass security measures and execute arbitrary code. Affected Platform CVE-2024-9381 impacts Ivanti’s Cloud Services Appliance (CSA), a critical component used in secure remote access for enterprise environments, affecting CSA versions prior to the latest patch. Ivanti CSA provides a secure bridge for cloud... The post CVE-2024-9381 – Ivanti CSA Security Vulnerability – October 2024

cve-2024-9381

domains

urls

cves

[AL-132] Active Exploitation of Vulnerabilities in Ivanti's Cloud Services Appliance - Cyber Security Agency of Singapore

2024-10-15

[AL-132] Active Exploitation of Vulnerabilities in Ivanti's Cloud Services Appliance - Cyber Security Agency of Singapore | News Content: Ivanti has released security updates addressing multiple vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) affecting their Cloud Services Appliance (CSA). The vulnerabilities are reportedly being actively exploited. The vulnerabilities are: • CVE-2024-9379: Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker with administrative privileges to run arbitrary SQL statements. • CVE-2024-9380: Successful exploitation of the OS command injection vulnerability could allow a remote authenticated attacker with administrative privileges to perform remote

google.com

rss

forum

news

Must Read - Security Affairs

2023-08-27

Must Read - Security Affairs | News Content: VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager. VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. The vulnerability is an authenticated SQL injection vulnerability in HCX, it was privately […] Brazil's Polícia Federal arrested the notorious hacker USDoD Brazil’s Polícia Federal has arrested hacker USDoD, the hacker behind the National Public

google.com

rss

forum

news

Social Media

Fletch

@fletch_ai

2024-10-15

(2/2) Three vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) remain an ongoing threat, with the potential to lead to SQL injection, OS command injection, and more. Get more details: https://t.co/DQaKqR1Xex #Ivanti #cybersecurity #zeroday #RCE #infosec

patrowl_io

@Patrowl_io

2024-10-10

CVE-2024-9379,CVE-2024-9381,CVE-2024-8963,CVE-2024-9390 alerts 🚨 Ivanti CSA v4.6 Multiple Vulnerabilities The vulnerabilities are actively exploited in the wild and have been integrated into Patrowl. Our customers assets are protected. 🦉 #CyberSecurity #InfoSec #Patrowl https://t.co/BrpSisG0dM

Defused

@DefusedCyber

2024-10-09

New Ivanti vulns: CVE-2024-9381 (High) - Path traversal, CVE-2024-9380 (High) - OS command injection, CVE-2024-9379 (Medium) - SQL injection Deploy decoy-based detection to see exploit intel before its public! Start free 👉 https://t.co/LRix48fbsK #vuln #threatintel https://t.co/fcHrApSuqR

ねこさん⚡(ΦωΦ)

@catnap707

2024-10-08

Ivanti warns of three more CSA zero-days exploited in attacks https://t.co/TH5aT0qsoL "We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963,"

ねこさん⚡(ΦωΦ)

@catnap707

2024-10-08

Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) - Help Net Security https://t.co/GYzargFVuJ ”Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws,…”

JV Quantum

@jvquantum

2024-10-08

TheHackersNews: These flaws, CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381, allow attackers to bypass restrictions, execute arbitrary SQL, and gain remote code execution—all with admin privileges. #hacking #infosec

SwitHak (👁)

@SwitHak

2024-10-08

😅 Ivanti: We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379, CVE-2024-9380 or CVE-2024-9381 are chained with CVE-2024-8963. ↘️ https://t.co/n7Jz5EtFhU

Gray Hats

@the_yellow_fall

2024-10-08

#Ivanti Patches CSA Appliance Against Bugs, Including Actively Exploited Flaws This exploitation involves chaining CVE-2024-9379, CVE-2024-9380, or CVE-2024-9381 with a previously addressed flaw, CVE-2024-8963, which could lead to unauthenticated RCE https://t.co/GljYubyqeo

Affected Software

Configuration 1

Type	Vendor	Product
App	Ivanti	endpoint_manager_cloud_services_appliance

References

Reference	Link
3C1D8AA1-5A33-4EA4-8992-AADD6440AF75	https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381

CWE Details

CWE ID	CWE Name	Description
CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence