admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-81xx/CVE-2024-8190.json
cad-safe-bot e5c06e9737 Auto-Update: 2024-09-16T14:00:25.327862+00:00
2024-09-16 14:03:26 +00:00

119 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-8190",
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"published": "2024-09-10T21:15:14.697",
"lastModified": "2024-09-16T13:44:18.173",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2024-09-13",
"cisaActionDue": "2024-10-04",
"cisaRequiredAction": "As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.",
"cisaVulnerabilityName": "Ivanti Cloud Services Appliance OS Command Injection Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en las versiones 4.6, parche 518 y anteriores de Ivanti Cloud Services Appliance permite que un atacante autenticado de forma remota obtenga la ejecuci\u00f3n remota de c\u00f3digo. El atacante debe tener privilegios de nivel de administrador para aprovechar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:cloud_services_appliance:4.6:-:*:*:*:*:*:*",
"matchCriteriaId": "3B63CA83-3DB3-4670-878E-17A54586B25E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:cloud_services_appliance:4.6:patch_518:*:*:*:*:*:*",
"matchCriteriaId": "61C0BF44-691D-4811-BE9E-FB9B6CC856B9"
}
]
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190",
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink