Cyber Resilience

CVE-2024-8190

HighCISA KEVActive ExploitationEUVD ExploitedRCE

Published: 10 September 2024

Published
10 September 2024
Modified
24 October 2025
KEV Added
13 September 2024
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9191 99.7th percentile
Risk Priority 90 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-8190 is a high-severity OS Command Injection (CWE-78) vulnerability in Ivanti Cloud Services Appliance. Its CVSS base score is 7.2 (High).

Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-8190 is an OS command injection vulnerability, tracked under CWE-78, that affects Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier. The flaw permits remote code execution when successfully triggered.

A remote authenticated attacker with administrative privileges can exploit the issue over the network to obtain code execution, resulting in complete loss of confidentiality, integrity, and availability according to its CVSS 7.2 rating.

Ivanti has published a security advisory detailing the affected versions and available patches, while CISA has issued an alert directing administrators to apply the vendor update promptly; the vulnerability is also catalogued in CISA’s Known Exploited Vulnerabilities list.

The associated EPSS score currently stands at 0.9191 with a recorded peak of 0.9194, indicating a high likelihood of exploitation attempts.

EU & UK References

Vulnerability details

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

CWE(s)
KEV Date Added
13 September 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

ivanti
cloud services appliance
4.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly blocks the crafted OS command input that triggers the CWE-78 injection before execution occurs.

prevent

Requires prompt application of the vendor patch that eliminates the command-injection flaw in the appliance.

prevent

Limits available OS commands and services on the appliance, reducing the attack surface even for authenticated administrators.

References