CVE-2024-11639

CVSS 3.1 Score 10 of 10 (high)

Details

Published Dec 10, 2024
CWE ID 288

Summary

CVE-2024-11639 is a newly disclosed vulnerability that poses a significant risk to organizations using Ivanti's Configuration Manager (CSA) version prior to 5.0.3. The flaw involves an authentication bypass in the admin web console, enabling unauthenticated attackers to penetrate the system and gain full administrative access remotely. This vulnerability can lead to serious consequences, including data theft, unauthorized system modifications, and potential disruption of critical business operations. It is crucial for Ivanti CSA users to update their software promptly to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share