CVE-2024-9380
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
Confirmed exploited in the wild. Added 2024-10-09.
Federal remediation due 2024-10-30.
Required action: As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line, or later, of the supported solution.
Summary
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 7.2 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | HIGH |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
References
- https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9380
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-24. Always verify against the vendor advisory before acting.