CVE-2024-47908
Published: 11 February 2025
Summary
CVE-2024-47908 is a critical-severity OS Command Injection (CWE-78) vulnerability in Ivanti Cloud Services Appliance. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-47908 is an OS command injection vulnerability, tracked under CWE-78, that affects the admin web console of Ivanti Cloud Services Application (CSA) versions prior to 5.0.5. The flaw carries a CVSS 3.1 score of 9.1 and permits remote code execution when triggered through the console interface.
A remote attacker who already possesses valid administrative credentials can exploit the injection point over the network to run arbitrary operating-system commands on the affected CSA instance, resulting in full compromise of confidentiality, integrity, and availability within the product’s security context.
An official Ivanti security advisory addressing CVE-2024-47908 (along with a related issue) is published at the referenced Ivanti forums URL and provides guidance for customers. The associated EPSS score reached a peak of 0.5365 on 2026-05-24 before receding to its current value of 0.4210, indicating a period of elevated exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4980
Vulnerability details
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in admin web console directly enables T1190 (exploit of exposed application) and results in arbitrary Unix shell command execution (T1059.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates OS command injection by requiring validation and sanitization of inputs to the admin web console to block arbitrary command execution.
Ensures timely remediation of the specific command injection flaw through patching to Ivanti CSA version 5.0.5 or later as per the vendor advisory.
Restricts insertion of unauthorized inputs such as shell metacharacters into the admin web console to prevent command injection exploits.