CVE-2024-8190 HIGH

CVE-2024-8190

Weakness CWE-78

KEV Status Known Exploited

Published September 10, 2024

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

CISA mandated remediation

02CISA Required Action

As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.

Key dates

03Disclosure timeline

September 10, 2024 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-8190 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html CISA KEV Reference https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-C… CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2024-8190

Related vulnerabilities

CVE-2024-8190

01Description

02CISA Required Action

03Disclosure timeline

04References

05Related CVE