CVE-2024-11772

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Dec 10, 2024
CWE ID 77

Summary

CVE-2024-11772 is a command injection vulnerability in the admin web console of Ivanti Cloud Service Automation (CSA) before version 5.0.3. An authenticated attacker with admin privileges can exploit it to inject and execute arbitrary commands remotely. This poses a significant risk for organizations using Ivanti CSA, as an attacker could gain unauthorized control over the targeted system and potentially steal sensitive data or cause damage. To mitigate this risk, it is recommended that Ivanti customers upgrade to the latest version of CSA as soon as possible.
