CVE-2024-8190
CVSS Score
7.2
EPSS Score
0.0%
EPSS Percentile
0th
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
| CWE | CWE-78 |
| Vendor | ivanti |
| Product | csa (cloud services appliance) |
| Ecosystems | |
| Industries | SecurityNetworking |
| Published | Sep 10, 2024 |
| Last Updated | Oct 21, 2025 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for ivanti csa (cloud services appliance)
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-8190.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Ivanti / CSA (Cloud Services Appliance)
All versions affected References
forums.ivanti.com: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-8190 cisa.gov: https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance