CVE-2024-8190
Published: 10 September 2024
Summary
CVE-2024-8190 is a high-severity OS Command Injection (CWE-78) vulnerability in Ivanti Cloud Services Appliance. Its CVSS base score is 7.2 (High).
Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-8190 is an OS command injection vulnerability, tracked under CWE-78, that affects Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier. The flaw permits remote code execution when successfully triggered.
A remote authenticated attacker with administrative privileges can exploit the issue over the network to obtain code execution, resulting in complete loss of confidentiality, integrity, and availability according to its CVSS 7.2 rating.
Ivanti has published a security advisory detailing the affected versions and available patches, while CISA has issued an alert directing administrators to apply the vendor update promptly; the vulnerability is also catalogued in CISA’s Known Exploited Vulnerabilities list.
The associated EPSS score currently stands at 0.9191 with a recorded peak of 0.9194, indicating a high likelihood of exploitation attempts.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-49004
Vulnerability details
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
- CWE(s): CWE-78
- KEV Date Added: 13 September 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly blocks the crafted OS command input that triggers the CWE-78 injection before execution occurs.
Requires prompt application of the vendor patch that eliminates the command-injection flaw in the appliance.
Limits available OS commands and services on the appliance, reducing the attack surface even for authenticated administrators.