CVE-2024-9381 - OpenCVE

Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Ivanti	Endpoint Manager Cloud Services Appliance

Configuration 1 [-]

cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381

History

Tue, 08 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ivanti Ivanti endpoint Manager Cloud Services Appliance
CPEs		cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance::::::::
Vendors & Products		Ivanti Ivanti endpoint Manager Cloud Services Appliance
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 08 Oct 2024 16:45:00 +0000

Type	Values Removed	Values Added
Description		Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
Weaknesses		CWE-22
References		https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: ivanti

Published: 2024-10-08T16:25:27.092Z

Updated: 2024-10-08T19:23:27.864Z

Reserved: 2024-09-30T21:10:37.315Z

Link: CVE-2024-9381

Vulnrichment

Updated: 2024-10-08T19:22:38.991Z

NVD

Status : Analyzed

Published: 2024-10-08T17:15:57.183

Modified: 2024-10-16T13:30:34.740

Link: CVE-2024-9381

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9381", "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "state": "PUBLISHED", "assignerShortName": "ivanti", "dateReserved": "2024-09-30T21:10:37.315Z", "datePublished": "2024-10-08T16:25:27.092Z", "dateUpdated": "2024-10-08T19:23:27.864Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "CSA (Cloud Services Appliance)", "vendor": "Ivanti", "versions": [{"status": "unaffected", "version": "5.0.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Path trave</span><span style=\"background-color: rgb(255, 255, 255);\">r</span><span style=\"background-color: rgb(255, 255, 255);\">sal</span><span style=\"background-color: rgb(255, 255, 255);\"> in </span><span style=\"background-color: rgb(255, 255, 255);\">Ivanti CSA</span><span style=\"background-color: rgb(255, 255, 255);\"> before version 5.0.2 </span><span style=\"background-color: rgb(255, 255, 255);\">allows a </span><span style=\"background-color: rgb(255, 255, 255);\">remote authenticated</span><span style=\"background-color: rgb(255, 255, 255);\"> attacker </span><span style=\"background-color: rgb(255, 255, 255);\">with admin privileges </span><span style=\"background-color: rgb(255, 255, 255);\">to </span><span style=\"background-color: rgb(255, 255, 255);\">bypass restrictions.</span>"}], "value": "Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions."}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "shortName": "ivanti", "dateUpdated": "2024-10-08T16:25:27.092Z"}, "references": [{"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "ivanti", "product": "endpoint_manager_cloud_services_appliance", "cpes": ["cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "0", "status": "affected", "lessThan": "5.0.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T19:22:52.354674Z", "id": "CVE-2024-9381", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T19:23:27.864Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9381", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-08T19:22:52.354674Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:*"], "vendor": "ivanti", "product": "endpoint_manager_cloud_services_appliance", "versions": [{"status": "affected", "version": "0", "lessThan": "5.0.2", "versionType": "custom"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T19:22:38.991Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ivanti", "product": "CSA (Cloud Services Appliance)", "versions": [{"status": "unaffected", "version": "5.0.2"}], "defaultStatus": "affected"}], "references": [{"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Path trave</span><span style=\"background-color: rgb(255, 255, 255);\">r</span><span style=\"background-color: rgb(255, 255, 255);\">sal</span><span style=\"background-color: rgb(255, 255, 255);\"> in </span><span style=\"background-color: rgb(255, 255, 255);\">Ivanti CSA</span><span style=\"background-color: rgb(255, 255, 255);\"> before version 5.0.2 </span><span style=\"background-color: rgb(255, 255, 255);\">allows a </span><span style=\"background-color: rgb(255, 255, 255);\">remote authenticated</span><span style=\"background-color: rgb(255, 255, 255);\"> attacker </span><span style=\"background-color: rgb(255, 255, 255);\">with admin privileges </span><span style=\"background-color: rgb(255, 255, 255);\">to </span><span style=\"background-color: rgb(255, 255, 255);\">bypass restrictions.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "shortName": "ivanti", "dateUpdated": "2024-10-08T16:25:27.092Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9381", "state": "PUBLISHED", "dateUpdated": "2024-10-08T19:23:27.864Z", "dateReserved": "2024-09-30T21:10:37.315Z", "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "datePublished": "2024-10-08T16:25:27.092Z", "assignerShortName": "ivanti"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "B633ABF6-4CAD-462D-B6C9-F209D90EAFD9", "versionEndExcluding": "5.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions."}, {"lang": "es", "value": "El path traversal en Ivanti CSA anterior a la versi\u00f3n 5.0.2 permite que un atacante remoto autenticado con privilegios de administrador eluda las restricciones."}], "id": "CVE-2024-9381", "lastModified": "2024-10-16T13:30:34.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary"}]}, "published": "2024-10-08T17:15:57.183", "references": [{"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "tags": ["Vendor Advisory"], "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381"}], "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary"}]}