CVE-2024-9379
Published: 08 October 2024
Summary
CVE-2024-9379 is a medium-severity SQL Injection (CWE-89) vulnerability in Ivanti Endpoint Manager Cloud Services Appliance. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 0.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-9379 is an SQL injection vulnerability in the admin web console of Ivanti Cloud Services Appliance (CSA) versions prior to 5.0.2. The flaw, tracked under CWE-89, permits execution of arbitrary SQL statements through the administrative interface.
A remote attacker who already possesses valid administrator credentials can exploit the issue over the network to alter or destroy data and disrupt service availability, though confidentiality impact is rated as none. The CVSS 3.1 score of 6.5 reflects the requirement for high privileges and the resulting integrity and availability consequences.
Ivanti’s security advisory directs customers to upgrade to CSA 5.0.2 or later. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.
The associated EPSS score has reached a peak of 0.8250 with a current value of 0.7926, indicating sustained and substantial exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-49897
Vulnerability details
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
- CWE(s)
- CWE-89
- KEV Date Added
- 09 October 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): directly requires validation of all input to the admin web console, blocking crafted SQL statements that exploit CVE-2024-9379.
SI-2 (Flaw Remediation): mandates prompt application of the vendor patch (CSA 5.0.2+) that removes the SQL-injection flaw.
Enables monitoring and analysis of database or web-console activity to identify anomalous SQL execution attempts.
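As an added illustration of the CWE-89 pattern behind this CVE and of what the SI-10 control asks for, the following constructed Python example shows a query built by string splicing beside its parameterized form, plus an allow-list check at the console boundary. This is example code written for this page, not Ivanti's code; the schema, table name, helper names and sample inputs are assumptions.

```python
"""Constructed demo of CWE-89 (SQL injection) and its hardened counterpart.
Not Ivanti CSA code; the managed_hosts table and all values are made up."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory table standing in for an admin console's inventory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE managed_hosts (id INTEGER PRIMARY KEY, hostname TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO managed_hosts (hostname, owner) VALUES (?, ?)",
        [("app01", "alice"), ("app02", "bob"), ("db01", "alice")],
    )
    conn.commit()
    return conn


def find_hosts_unsafe(conn: sqlite3.Connection, owner: str) -> list[str]:
    """Vulnerable pattern: the caller-supplied value is spliced into the
    statement text, so quote characters change the query's structure."""
    sql = f"SELECT hostname FROM managed_hosts WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(sql)]


def find_hosts_safe(conn: sqlite3.Connection, owner: str) -> list[str]:
    """Hardened pattern: a bound parameter is passed to the driver as data,
    never interpreted as SQL, whatever characters it contains."""
    sql = "SELECT hostname FROM managed_hosts WHERE owner = ?"
    return [row[0] for row in conn.execute(sql, (owner,))]


# Allow-list for a plausible account name (assumed policy for this demo).
OWNER_RE = re.compile(r"[a-z][a-z0-9._-]{0,63}")


def validate_owner(owner: str) -> str:
    """SI-10 style input validation at the web-console boundary: reject any
    value that is not an expected account name before it reaches the DB."""
    if not OWNER_RE.fullmatch(owner):
        raise ValueError("invalid owner name")
    return owner


if __name__ == "__main__":
    db = make_db()
    # Constructed input that a tautology-style injection relies on.
    crafted = "alice' OR '1'='1"
    print("unsafe:", find_hosts_unsafe(db, crafted))  # returns every row
    print("safe:  ", find_hosts_safe(db, crafted))    # returns no rows
    try:
        validate_owner(crafted)
    except ValueError as exc:
        print("validation rejected input:", exc)
```

Both defenses are worth keeping: parameterization removes the injection primitive regardless of input, while boundary validation gives the console a place to log and reject unexpected values, which is also the signal the monitoring control above is looking for.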