CVE-2024-8963

CVSS 9.4 CRITICAL | EPSS 98.4% | KEV | CWE-22

In short

A path traversal flaw in Ivanti CSA before version 4.6 Patch 519 lets attackers bypass security to access restricted features without logging in. This is critical because attackers can gain unauthorized control over sensitive systems.

Technical detail

Path traversal vulnerability (CWE-22) in Ivanti CSA <4.6 Patch 519 allows unauthenticated remote attackers to manipulate file paths and access restricted functionality. The vulnerability requires no prior authentication and can lead to unauthorized system access and privilege escalation.

Summary generated and translated by AI from the official description.
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L