Cyber Resilience

CVE-2024-9379

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 08 October 2024

Published
08 October 2024
Modified
24 October 2025
KEV Added
09 October 2024
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.7926 99.1th percentile
Risk Priority 81 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9379 is a medium-severity SQL Injection (CWE-89) vulnerability in Ivanti Endpoint Manager Cloud Services Appliance. Its CVSS base score is 6.5 (Medium).

Operationally, ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-9379 is an SQL injection vulnerability in the admin web console of Ivanti Cloud Services Appliance (CSA) versions prior to 5.0.2. The flaw, tracked under CWE-89, permits execution of arbitrary SQL statements through the administrative interface.

A remote attacker who already possesses valid administrator credentials can exploit the issue over the network to alter or destroy data and disrupt service availability, though confidentiality impact is rated as none. The CVSS 3.1 score of 6.5 reflects the requirement for high privileges and the resulting integrity and availability consequences.

Ivanti’s security advisory directs customers to upgrade to CSA 5.0.2 or later. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.

The associated EPSS score has reached a peak of 0.8250 with a current value of 0.7926, indicating sustained and substantial exploitation interest following disclosure.

EU & UK References

Vulnerability details

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

CWE(s)
KEV Date Added
09 October 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

ivanti
endpoint manager cloud services appliance
≤ 5.0.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all input to the admin web console, blocking crafted SQL statements that exploit CVE-2024-9379.

prevent

Mandates prompt application of the vendor patch (CSA 5.0.2+) that removes the SQL-injection flaw.

detect

Enables monitoring and analysis of database or web-console activity to identify anomalous SQL execution attempts.

References