Cyber Resilience

CVE-2024-9380

High · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 08 October 2024
Modified: 24 October 2025
KEV Added: 09 October 2024
Patch
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8691 (99.5th percentile)
Risk Priority: 87 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-9380 is a high-severity Command Injection (CWE-77) vulnerability in Ivanti Endpoint Manager Cloud Services Appliance. Its CVSS base score is 7.2 (High).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-9380 is an OS command injection vulnerability, tracked under CWE-77 and CWE-78, that affects the admin web console of Ivanti Cloud Services Appliance (CSA) prior to version 5.0.2. The flaw received a CVSS 3.1 base score of 7.2, reflecting a network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability when successfully exploited.

A remote attacker who already possesses authenticated admin credentials can supply crafted input through the web console to execute arbitrary operating system commands, resulting in full remote code execution on the appliance.

The vendor advisory directs customers to upgrade Ivanti CSA to version 5.0.2 or newer; the CVE is also catalogued in CISA's Known Exploited Vulnerabilities list, confirming observed in-the-wild exploitation. The associated EPSS score stands at 0.8691 with a recorded peak of 0.8814.


Vulnerability details

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

CWE(s)
KEV Date Added: 09 October 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

ivanti
endpoint manager cloud services appliance
≤ 5.0.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of inputs to the admin web console to block specially crafted OS commands that trigger the injection.

prevent

Mandates prompt application of the vendor patch that upgrades Ivanti CSA to 5.0.2 and eliminates the command-injection flaw.

prevent

Requires applying configuration hardening steps referenced in the advisory to reduce the attack surface of the admin console.
