Cyber Resilience

CVE-2024-47908

CriticalRCE

Published: 11 February 2025

Published
11 February 2025
Modified
20 February 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.4210 97.5th percentile
Risk Priority 43 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47908 is a critical-severity OS Command Injection (CWE-78) vulnerability in Ivanti Cloud Services Appliance. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-47908 is an OS command injection vulnerability, tracked under CWE-78, that affects the admin web console of Ivanti Cloud Services Application (CSA) versions prior to 5.0.5. The flaw carries a CVSS 3.1 score of 9.1 and permits remote code execution when triggered through the console interface.

A remote attacker who already possesses valid administrative credentials can exploit the injection point over the network to run arbitrary operating-system commands on the affected CSA instance, resulting in full compromise of confidentiality, integrity, and availability within the product’s security context.

An official Ivanti security advisory addressing CVE-2024-47908 (along with a related issue) is published at the referenced Ivanti forums URL and provides guidance for customers. The associated EPSS score reached a peak of 0.5365 on 2026-05-24 before receding to its current value of 0.4210, indicating a period of elevated exploitation interest after disclosure.

EU & UK References

Vulnerability details

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection in admin web console directly enables T1190 (exploit of exposed application) and results in arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-8051Same vendor: Ivanti
CVE-2026-42454Shared CWE-78
CVE-2026-34796Shared CWE-78
CVE-2024-57016Shared CWE-78
CVE-2025-50475Shared CWE-78
CVE-2024-57015Shared CWE-78
CVE-2026-36828Shared CWE-78
CVE-2024-57595Shared CWE-78
CVE-2026-25196Shared CWE-78
CVE-2024-50566Shared CWE-78

Affected Assets

ivanti
cloud services appliance
≤ 5.0.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates OS command injection by requiring validation and sanitization of inputs to the admin web console to block arbitrary command execution.

prevent

Ensures timely remediation of the specific command injection flaw through patching to Ivanti CSA version 5.0.5 or later as per the vendor advisory.

prevent

Restricts insertion of unauthorized inputs such as shell metacharacters into the admin web console to prevent command injection exploits.

References