projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License
9.34k stars 2.65k forks

Ivanti Cloud Service Appliance Command Injection Vulnerability #10758

Open whereveryouare666 opened 2 months ago

whereveryouare666 commented 2 months ago

Template for?

CVE-2024-8190 CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability

Details:

PoC:
https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection
https://github.com/horizon3ai/CVE-2024-8190

GeorginaReeder commented 2 months ago

Thanks so much for this @whereveryouare666! :)

CodeStuffBreakThings commented 1 week ago

Hi @whereveryouare666 - I created #11174 but I don't currently have a vulnerable instance of Ivanti Cloud Service Appliance to test with. Could you run this against a vulnerable instance and let me know if it works? Thank you!

CodeStuffBreakThings commented 1 week ago

I opened a support case with Ivanti, but they cannot provide me with a download for CSA 4.6 to test with since it's been deprecated.